r  Cybersecurity  Czar  Demands  Vendor  Accountability 


Page  76 


JUNE  15,  2002  •  $9.00 


cio.com 


RICHARD  CLARKE,  chairman  of  the  Critical 
Infrastructure  Protection  Board 


YOU  CANT 
OUTSOURCE 

CITY  HALL 

Why  City  and  State 
Deals  Always  Fail 


The  Magazine  for  Information  Exec 


CIOs  Prescribe 
CRM  for 
Health  Care’s  Woes 

Page  88 


JAMES  WADE, chief  security 
officer  of  the  Federal  Reserve 
System:  “It’s  difficult  for 
IT  people  to  appreciate  the 
risks  involved”  in  B2B 
relationships.  He  does. 


SPECIAL  B2B  REPORT 


YOUR  PARTNERS  ARE  PUTTING  YOU 


Practice 


plus  Tips  to  Recruit  More  Partners  for  Maximum  Profits  page52 


TREND 

micro" 


If  left  alone,  technology  will  do  what  it  was  originally  designed  to  do.  Nothing 
more  and  nothing  less.  Forever.  But,  in  reality,  every  single  moment  of  every 
single  day  is  as  different  as  the  last. 


Technology 
the  future. 


©2002  Trend  Micro  Incorporated.  All  rights  reserved.  Trend  Micro  Inc.  and  the  T-ball  logo  are  trademarks  ol  Trend  Micro  Inc. 
and  registered  in  certain  jurisdictions.  All  other  brand  and  product  names  are  the  registered  trademarks  of  their  companies. 


V 

■  ■ 


cannot  prepare  us  for 
It  is  incapable  of  intuition 


Intuition  is  the  application  of  knowledge  based  on  experiences,  patterns  and  trends.  Only  when 
technology  is  combined  with  the  human  ability  to  create  new  strategies  can  information  be 
protected.  Intuitive  Information  Security  melds  human  intuition  and  adaptive  technology  together 
to  create  evolving  strategies.  Ones  able  to  protect  information  and  anticipate  threats  across  the 
entire  network  instantly.  Now,  and  well  into  the  future. 


INTRODUCING  E-BUSINESS  ON  DEMAND 
THE  NEXT  UTILITY 


You  don’t  wrestle  with  electrical  wires.  You  don’t 
wrestle  with  plumbing.  You  don’t  wrestle  with  telephone 
cables.  So  why  wrestle  with  e-business  infrastructure? 
Leave  it  to  the  specialists,  e-business  on  demand™ 
takes  care  of  storage  solutions,  business  applications, 
hardware,  integration  and  consulting.  You  just  close  the 
door  and  walk  away.  Good  riddance.  Good  news.  It’s 
The  Next  Utility.™  Visit  ibm.com/e-business/ondemand 
or  ask  for  on  demand  at  800  IBM-7080. 


VOL.  15  •  NO.  17  •  JUNE  15,  2002 


Cover  Story 

B2B  PARTNERSHIPS 
SECURITY !  52 

How  to  Practice  Safe  B2B 

Before  swapping  information  with  multiple  e-commerce  partners, 
it  pays  to  protect  yourself  by  pushing  partners  to  adopt  better 
security  practices.  By  Eric  Berkman 

RECRUITMENT  I  60 

How  to  Grow  Your 
B2B  Network 

Forget  the  80/20  rule,  and  stop  wasting  money.  You  need  to  get 
the  rest  of  your  trading  partners  online  to  reap  a  real  return  from 
e-commerce.  By  Meridith  Levinson 

\ 

COVER  PHOTO  BY  KATHERINE  LAMBERT 


Features 

GOVERNMENT  OUTSOURCING 
You  Can’t  Outsource  City  Hall  I  66 

The  state  and  local  government  outsourcing  marketplace  was 
supposed  to  explode,  but  we’re  still  waiting  to  see  a  spark.  It’s 
time  to  devise  a  new  plan  to  revitalize  public  sector  IT. 

By  Tom  Field 


“We  don’t  want  to  regulate.  We’d 
like  voluntary  cooperation 
because  it  works  better  if  people 
thinkthey’re  doing  it  in  their 
own  best  interest,”  says  Richard 
Clarke,  President  Bush’s  top 
cybersecurity  adviser.  For  more 
on  his  mission,  see  Page  76. 


James  Wade,  chief  security  officer  for  the  Federal  Reserve  System: 
“If  security  is  buried  in  the  technical  bowels  of  the  organization,  it’s 
probably  not  having  significant  influence  on  senior  management.” 


SECURITY  Q&A 

They  Want  You  for  a  Safer  Infrastructure  I  76 

Richard  Clarke  and  Howard  Schmidt  are  coordinating  a  volunteer 
effort  to  try  to  protect  the  nation’s  critical  infrastructure.  Can  they 
convince  corporate  America  to  play  along?  By  Sarah  D.  Scalet 

CRM 

CIOs  at  the  Heart  of  Health-Care  Change  I  88 

For  good  or  ill,  CIOs  are  reshaping  the  way  health  care  is  delivered  in 
America.  By  Scott  Berinato 

BOOK  EXCERPT  I  LEADERSHIP 
Managing  People  Politics  I  96 

Line  up  partners,  position  your  enemies,  and  control  those  on  the 
fence — six  lessons  in  being  a  leader.  By  Ronald  A.  Heifetz  and  Marty 
Linsky 


MORE  ►►  ► 


•  www.cio.com 


And  now,  a  few  words 
about  data  back  up: 


For  the  tech  crowd: 

BrightStor™  Storage  Software 

More.  More.  And  now.  These  are  the  words  most  frequently 
associated  with  storage  needs.  The  explosion  in  web  activity, 
the  perpetually  increasing  number  of  applications  coming 
out  that  require  larger  databases  and  the  spiraling  complexity 
of  enterprise  storage  solutions  has  increased  the  demand  for 
immediate  solutions  to  growing  storage  problems. 

That's  why  there's  BrightStor  from  Computer  Associates  (CA). 
The  most  comprehensive  family  of  storage  solutions  on  the 
market,  BrightStor  solutions  are  completely  and  totally  open. 
Which  means  that  unlike  most  vendors,  who  are  focused 
solely  on  their  individual  solutions,  BrightStor  brings  multi¬ 
vendor  systems  and  the  environment  together  seamlessly. 

What  does  this  mean  for  you?  It  means  optimization  of 
resources  across  all  platforms  and  storage  types.  It  means  a 
greater  understanding  of  your  storage  resources  and  how  to 
best  allocate  them  to  fit  your  needs.  And  it  means  a  lower 
total  cost  of  ownership. 

Specifically,  BrightStor  provides  you  with  unparalleled  data 
protection,  real-time  data  availability,  and  the  ability  to  view, 
manage,  and  monitor  your  resources  from  a  central  location. 
And  BrightStor  is  the  only  software  of  its  kind  that 
incorporates  CA's  portal  technology  — the  leading  portal 
solution  on  the  market. 

Why  rely  on  Computer  Associates?  Because  we're  a 
completely  independent  software  company  with  over 
25  years  of  experience.  That's  how  we  got  to  be  the 
software  management  experts.  And  that's  why  99%  of 
the  Fortune  500®  rely  on  our  software. 

We  know  that  storage  is  no  longer  just  backing  up  what  you 
already  have.  It's  facilitating  integration  with  every  aspect  of 
your  entire  eBusiness.  It's  leveraging  all  of  your  existing 
capabilities  to  maximize  your  resources  enterprise-wide.  And, 
most  important,  it's  using  what  you  have  to  find  future 
opportunities  and  capitalize  on  them. 


For  everybody  else: 

Reliable  =  Good. 
Unreliable  =  Bad. 


Computer  Associates™ 


HELLO  TOMORROW 


TM 


WE  ARE  COMPUTER  ASSOCIATES 


THE  SOFTWARE  THAT  MANAGES  eBUSINESS’" 


ca.com/brightstor/storage 


CJ2002  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks,  and  logos  referenced  herein  belong  to  their  respective  companies 


A  beverage  rep,  a  busy  manager,  a  tablet  PC. 

A  SOPHISTICATED,  MULTI-MEDIA  PRESENTATION  IN 


Fujitsu  and  the  Fujitsu  logo  are  registered  trademarks  of  Fujitsu  Limited.  Stylistic  is  a  registered  trademark  of  Fujitsu  PC  Corporation.  Intel,  the  Intel  Inside  logo,  Pentium  and  Intel  SpeedStep  are  trademarks  or  registered 
trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation. 

©2002  Fujitsu  PC  Corporation.  All  rights  reserved. 


THE  DIAPER  AISLE. 


Take  advantage  of  every  hard-earned  second  you  get  with  your  customers.  Whether  they're 
sitting,  walking  or  running,  a  Stylistic®  LT  tablet  PC  with  touch-screen  technology  is  the 
ultimate  sales  tool.  Reveal  market  trends.  Check  inventory.  Display  product  lines.  Place  orders. 
It's  all  possible  with  the  Stylistic  LT.  A  PC  that's  flat-out  easier  to  handle  than  a  notebook  and 
infinitely  more  capable  than  a  PDA.  In  short,  a  PC  that  can  wow  customers  anywhere. 


Learn  how  our  pen  tablets  can  give  your  company  a  competitive  edge. 
Call  us  today  at  1-877-372-3473  or  visit  www.fujitsupc.com/pentablets. 


The  Stylistic®  LT  is  powered  by  an  ultra-low  voltage  Mobile  Intel®  Pentium®  III 
processor  600MHz  featuring  Intel  SpeedStep™  technology. 

Fujitsu  PCs  use  genuine  Microsoft®  Windows® 
http://www.microsoft.com/piracy/howtotell 


pentium®/// 


Fujfrsu 

THE  POSSIBILITIES  ARE  INFINITE 


Columns 

NET  GAINS 

Profit  from  Transparency  I  42 

Should  your  customers  compare  prices, 
post  opinions  and  pit  you  against  your 
competitors?  Absolutely. 

By  Mohanbir  Sawhney 

PEER  TO  PEER 
Step  Up  and  Lead  I  48 

Today  the  CIO  role  can  be  as  big  as 
you  want  it  to  be.  By  John  J.  Ciulla 

Sections 

TRENDLINES  I  24 

IT  saves  school  in  Brooklyn;  Survey  says: 
Deliver  ROI;  Dr.  E-mail;  FBI  seeks  new 

CIO.  And  more 

\ 

OFF  THE  SHELF  I  32 

First  Among  Equals  and  Small  Pieces 
Loosely  Joined ;  The  New  Book  Shelf; 
CIO  Best-Sellers 

WASHINGTON  WATCH  I  38 

Doom  for  the  NIPC? 


HOTSEAT  I  132 

Your  Guide 
to  Managing 

Yes,  We  Had  No  Integration 

Like  the  cobbler’s  children  who  had  no 
shoes,  CMGI  was  an  IT  company  that 
lacked  IT  basics.  Until  CIO  Jo  Hoppe 
arrived.  By  Edward  Prewitt 

Management  Briefs  I  136 

Using  bonuses  for  business  alignment. 

Leadership  Agenda  I  138 

IT  Parenting:  How  to  make  no  sound  like 
yes — and  raise  good  IT  citizens  in  the 
process.  By  Susan  H.  Cramm 


EMERGING  TECHNOLOGY  I  120 

New  tools  give  legacy  apps  a  better  life  on 
the  Web.  By  John  Edwards 

COOL  PRODUCT  I  124 

X-Top  multiple  monitor  systems  provide 
more  digital  real  estate. 

UNDER  DEVELOPMENT  I  126 

Can  IT  help  protect  the  public  from 
bioterrorism? 

COMPANIES  TO  WATCH  I  128 

TeaLeaf’s  tools  show  you  what  your  Web 
visitors  really  experience. 

PUNDITS  I  130 

The  latest  optimization  tools  can  help  you 
get  every  dollar  out  of  your  operations. 


“It’s  hard  to  believe  this  is  the  same  job 
I  had  nearly  10  years  ago.  Today  I’m  all 
over  our  company  and  all  over  the  country. 
Back  then,  I  was  in  the  basement.” 

-John  Ciulla,  CIO  at  Vignette,  on  the  new  CIO  role  Page  48 


Not  only  did  CIO  Jo  Hoppe  have  to  build  and  inte¬ 
grate  systems  for  CMGI’s  21  companies,  but  she 
had  to  do  it  at  “CMGI  speed,”  which  was  ASAP. 


In  Every  Issue 

FROM  THE  EDITOR 
Powers  of  Persuasion  I  16 

Optimism  can’t  make  B2B  networks 
succeed.  It  takes  hard  work — by  you. 

By  Abbie  Lundberg 

INBOX  I  18 

Reader  feedback 

INDEX  I  145 

EXECUTIVE  SUMMARY  I  146 

Abstracts  of  all  the  feature  stories  found 
in  this  issue. 


8 


CIO  JUNE  15,  2002  •  www.cio.com 


with  the  Fortune  100 


Combination 
of  vendors 
15% 


Other 

4% 

Microsoft  SQL 
Server 

8% 


IBM  DB2  on 
Unix/NT 
3% 


IBM  DB2  on 
the  mainframe 
19% 


Oracle 

51% 


More  than  half  of  the  Fortune  100  run 
Oracle  as  their  primary  database. 


Source: The  FactPoint  Group,  April  2002  Oracle. COITl/ad 

or  call  1.800.633.1062 


Copyright  ©2002  Oracle  Corporation.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation. 
Other  names  may  be  trademarks  of  their  respective  owners. 


CREATE 

NEW  SERVICES 


IDENTITY 
AND  SECURITY 


On  the  road  to  Web  services, 

you  gotta  protect 
your  customer 
identities. 

You  hear  that? 


Sun  ONE 
Identity  Server 


The  fastest  road 
to  leveraging  and 
protecting  your 
corporate  assets. 


ifi 

sSfc.  Oft 


11^381 


Sun  ONE 
Directory  Server 


DEPLOY 

SERVICES 


/S#Q02  Sun  Microsystems,  Inc.  All  rights  reserved.  Sun,  Sun  Microsystems  and  the  Sun  logo  are  trademarks  or  registered  trademarks  of  Sun  Microsystems,  Inc.  in  the  United  States  and  other  countries. 


Sun  ONE 

Open  Net  Environment 


Reports  from  the  road:  Textron. 

With  diverse  businesses  in  aerospace,  industrial, 
telecom  and  other  industries,  Textron  needed  to 
simplify  network  identity.  Sun  ONE  Directory  Server 
helps  them  gain  enterprise  efficiency,  to  deliver 
better  information  to  the  right  employees,  partners 
and  customers. 


4iip 


Sun’s  associates  for  the  ride. 

Sun  teams  with  some  of  the  best  systems  integrators 
in  the  business  providing  the  knowledge  and  experi¬ 
ence  you  need  to  develop  and  implement  identity 
and  security  policies  on  the  Sun  ONE  Directory  Server 
today:  Cap  Gemini  Ernst  &  Young,  Deloitte  &  Touche, 
EDS,  PricewaterhouseCoopers  and  Schlumberger. 


Buy  the  Sun  ONE  Directory  Server 
and  get  25%  off  the  purchase  price. 
www.sun.com/ident 
Offer  expires  July  29,  2002. 


Safeguard  your  own  customer  or  employee  directories  with  SunONE  Directory 
Server  and  Sun  ONE  Identity  Server. 


The  first  stop  on  the  road  to  building  out 
your  Web  services  platform  is  determining 
your  identity  management  strategy.  After 
all,  customers  are  your  organization’s 
most  valuable  asset,  so  protecting  your 
directory  and  customer  profiles  must 
be  a  priority.  Now  you  can  get  ironclad 


protection  of  your  customer  data  with 
the  Sun™  ONE  Directory  Server  and  Sun  ONE 
Identity  Server.  That’s  because  Sun  ONE 
is  built  to  the  highest  security  standards, 
so  that  your  data  stays  safe  from  hackers 
and  viruses.  It’s  how  60  of  the  Fortune  100 
help  protect  their  customers. 


We  make  the  net  work. 


WEB 

>con 


nnections 


v 


WEIGH  IN 

Will  CRM-generated  health  plans 
lead  to  rationing? 

In  CIOs  at  the  Heart  of  Health-Care  Change  (Page 
88),  Senior  Writer  Scott  Berinato  reports  that  CRM  is 
being  used  to  try  to  fix  the  broken  health-care  system. 

But  some  in  the  medical 
community  fear  the  use 
of  technology  will  only 
lead  to  patient  discrimi¬ 
nation.  What  do  you 
think?  Is  technology  the 
good  guy  or  the  bad  guy 
here? 

David  Goltz,  CFO  and  interim  CIO 
of  Destiny  Health 
Find  links  to  these  stories  in  the  Web  Connections  box  at  www.cio.com. 

Our  Daily  Web 

Monday  Tech  Tact  Technology  Editor 
Christopher  Lindquist  covers  what’s  coming. 

Tuesday  Quick  Poll  Read  what  CIOs  think 
about  current  IT  issues. 


WEDNESDAY  Metrics  Web 

Writer  Jon  Surmacz  makes 
sense  of  the  numbers. 

THURSDAY  Sound  Off  Web 

Editorial  Director  Art 
Jahnke  opines  on  ethical 
dilemmas. 

Friday  The  Big  Picture  Charts  and  graphs 
worth  1,000  words. 


TALK  BACK 

Is  large-scale  outsourcing 
unworkable  in  the  public 
sector? 

From  California  to  Connecticut,  state  and  local 
governments  have  tried  to  go  the  outsourcing 
route  (You  Can’t  Outsource  City  Hall,  Page  66). 
But  it  hasn’t  worked.  Are  such  projects  doomed  to 
failure?  Tell  us  what  you  think. 

ASK  THE  AUTHOR 

Test  your  political  savvy 

Do  you  know  how  to  convince  your  opponents  and 
sway  the  undecided?  Ronald  Heifetz  and  Marty 
Linsky  (Managing  People  Politics,  Page  96), 
authors  of  the  new  book  Leadership  on  the  Line, 
will  field  your  questions  for  the  next  two  weeks. 

CIO  READER  POLL 


Are  you  ready  for 
transparency? 


Mohanbir  Sawhney  says  in  his  Net  Gains  (Page 
42)  column  that  companies  need  to  move  the 
conversation  with  customers  from  price  to  value 
by  going  open  kimono.  Are  you  ready? 


Peer  Resources 

E-mail  your  nontechnology  colleagues  the  follow¬ 
ing  stories  from  CIO's  online  sister  publication, 
Darwinmag.com. 

CIO's  How  to  Practice  Safe  B2B  (Page  52) 
outlines  ways  to  keep  you  and  your  exchange 
partners  secure.  Darwinmag’s  Executive  Guide  to 
B2B  goes  through  the  basics. 

Do  your  peers'  eyes  glaze  over  when  API, 
TCP/IP  and  VPN  trip  off  your  tongue?  Send  them 
to  Darwinmag’s 


Glossary. 

Find  these  articles  on 

www.darwinmag.com 
or  go  to  www.cio.com/ 
printlinks. 


12  CIO  JUNE  15,  2002  •  www.cio.com 


PHOTO  TOP  LEFT  BY  JEFF  SCIORTINO 


Cognos  —  the  business  intelligence  inside 
the  world's  most  intelligent  businesses. 


O 


MARKETING 


VIGNETTE 


Are  >ou  managing  content  or  managing  chaos?  Your  enterprise  could 
Content  Management  is  no  longer  an  elective  Web  strategy.  Vignette 
and  man)  others  unify  their  Web  strategy.  Find  out  how  Vignette  can 


SALES 

X'  *  .  t-*  **4k  ‘ .  V"  i»s  *  *  •  ?  >>  ■/  ■.  '  *  r* ;  *  •*>»  *  v  •  S’ j  -  •  •  ..  . 

:  :;  ..•  •  •<  •  •  •  5:s  •  ..  ■  .  -■  •  -■  .  >S 

•'  :■  '  ;  •.  .  - 

MANUFACTURING 

- — — - - 

/ 


«VV  *- 


\‘V 


i  '  •>  ;  >  a 


:  V 

•  S3  f>  •  -'v  V  -  ,jcV*T,  fo; 

,  -  ..  „  .■•  »-K'  t 

'  ••  ^  V*-'V  i--V  -Hr'l'f-5.  A- A 


-  ■  av.  x  .v  /v,.;-  *  r^'- 4Z/V<r-  ■ 

•  .  O'  ■»  r  •  3  \  >5  l»l?  \  <h '  ■  '&•* 

'  j,  twf'*;-* :  -• 

•'.W-.’-*,  i  ■  \  -v  ■'  1-^-i 

'  '  '  S’*’  r '  '  *  ••'  ■  ■  •  I.;  \  , 

•**}-  '■■■'•  *  i 


'  •Jr*  *',  vc.  .  ••  <> urv  •••  v  »r- 1  *  vv> nit  iV  ;  -  ^  ’  t-  - *  , e- 

' -i'  *?.  /  «***«•  •  h  •  gV*  ••  ••  «  •  ’i  :  • 1  '.•  *“«.'•» ' VV*  ’’  •'  •  J 

*2i'  *r  \  -  ♦  :/• 

*  A  •.  -L'  •w'-mi  /  V  •  V;  %  v»  ;  .vJFn.4",  ,v  . .  •  ■.  *.  ^  t  ^  ^  j  # »  V4  ^  »  v\'  ^ xll 

P  V  >1  ■  i V  »  -V’ '  ■*  •  •  .'  >'  .:■■•  V.  ■'*■-■  >  '■  ^  .'rit-  i>  «  A  '  1  *'■  ’  M  (V’  *a 

•  ■  ■  *  j.  I-  •>  •'  ^  ‘  *l  *  ►*».  »  ,  t*  -  '  _  rf.  ‘  Ak.  .*  *  *  & 

^JA  .:>  -  iv  '  k-  .V  ;?SfV  /  if.V-  ' 


be  crippled  by  its  inability  to  manage  information  that’s  locked  in  silos  across  your  organization. 
e  las  helped  leaders  like  The  Wall  Street  Journal  Online,  J.D.  Edwards,  T.Rowe  Price,  Sun  Microsystems 
lelp  your  business  initiative  by  requesting  the  “Best  Practices”  CD  at  www.vignette.com/cio/silos. 


Copyright  2002  Vignette  Corporation.  Alt  rights  reserved  Vignette  and  the  V  logo  arc  trademarks  or  registered  trademarks  of  Vignette  Cor|»r«ition  in  the  United  Statos  and  other  countries. 

Syn,  Sun  Microsy9toms,  and  the  Sun  logo  are  trademarks  or  registered  trademarks  of  Sun  Microsystems.  Inc.  in  Iho  Untied  Slates  and  other  countries. 


From  the  Editor 

lundberg@cio.com 


x 

You’ll  find  a  wealth 
of  information  on 
B2B  e-commerce  at 

www.cio.  com/research/ 
ecZb2b.html. 


Powers  of 
Persuasion 


MOST  PEOPLE,  DEEP  DOWN,  have  a  solid 
streak  of  optimism  that  drives  them  to  feel  hope¬ 
ful  about  the  future.  It’s  what  gets  us  up  in  the 
morning,  even  when  life  turns  uncertain  or  scary 
or  grim.  It  paints  our  reality  in  colors  and  shapes 
more  pleasing  than  what’s  actually  before  us.  If 
you  don’t  believe  me,  go  house-hunting  with  a 
friend  and  listen  to  her  describe  not  the  dark  cabi¬ 
nets  in  the  ill-lit  kitchen  of  today  but  the  bright,  airy 
family  center  of  her  dreams. 

That  optimism  fosters  imagination,  a  uniquely 
human  trait.  Imagination  drives  our  creativity,  our 
ambition  and  our  urge  to  build  things,  whether 
houses,  companies  or  information  systems. 

What’s  usually  missing  from  the  exciting  images 
we  construct  in  our  heads  are  all  the  details  of  what 
we’ll  need  to  do  in  order  to  execute  our  dream. 
Sure,  we  know  we’ll  have  to  work  hard,  and  it  will 
take  time  and  money,  but  we  simply  can’t  enter¬ 
tain  all  the  minute  details  and  daily  tasks  we  must 
tackle  before  we  realize  our  goal.  Even  if  our  mind 
could  conceive  and  contain  it,  our  optimism  would 
smooth  the  edges  and  veil  the  realities  in  mist — or 
we’d  never  begin. 

That,  I  imagine,  is  how  many  of  today’s  B2B 
efforts  began.  Manufacturers  and  retailers  had  a 


vision  of  the  way  things  could  be  if  goods  and  pay¬ 
ments  and  the  associated  information  could  move 
effortlessly  between  them  and  their  trading  part¬ 
ners — and  it  was  good.  When  the  technology  to 
make  that  happen  came  along,  people  started 
building  with  a  vengeance. 

Two  things  happened  along  the  way.  B2B  cham¬ 
pions  realized  that  many  of  their  partners  didn’t 
exactly  share  their  enthusiasm  for  the  new  way  of 
doing  things.  And  of  those  who  did,  few  under¬ 
stood  their  role  in  creating  and  maintaining  a  secure 
setting  for  that  activity. 

So  while  a  lot  of  the  infrastructure  for  low- 
cost,  seamless  online  trading  exists  today,  much 
of  the  hard  work  remains  to  be  done.  It’s  not 
technical  work.  It’s  not  even  contract  work.  It’s 
exerting  your  influence  and  powers  of  persua¬ 
sion  over  the  people  and  companies  you  do  busi¬ 
ness  with.  It’s  change  management  and  relation¬ 
ship  building.  It’s  about  setting  expectations  and 
monitoring  compliance.  It’s  getting  on  the  phone 
and  meeting  face-to-face. 

And  it’s  the  focus  of  our  special  report  on  mak¬ 
ing  B2B  relationships  work,  beginning  on  Page  52. 
Because  optimism  and  imagination  will  only  take 
you  so  far. 


16  CIO  JUNE  15,  2002 


www.cio.com 


PHOTO  BY  JASON  GROW/SABA 


Free-range  access  to  your  network  is  a  risk  you  may  not  know  you  are  taking. 


A  barnyard  fence  just  isn’t  enough.  You  need  to  guard  the  hen  house,  too.  To  protect  your  critical  applications  and 
resources,  you  need  a  Virtual  Private  Network  with  secure  access  control  that  goes  beyond  a  point-to-point  connection. 
AppGate™  PowerBox™  goes  further  by  extending  e-security  into  the  internal,  trusted  network,  all  the  way  from  the  users  to  the 
applications.  AppGate  provides  full  access  control,  allowing  an  enterprise  to  customize  access  so  you  know  who  has  access  to 
which  critical  applications  and  web  services.  Protective  boundaries  are  important.. .even  for  chickens. 

For  more  information,  visit  our  website  at  www.appgate.com  or  give  us  a  call  at  1-866-AppGate. 


(2  PPG  ATE 

■  ■  We  take  e-security  further 


TM 


AppGate  and  PowerBox  are  trademarks  of  AppGate  AB  and  AppGate  Inc.  ©2002  AppGate 


InBox 


Reader  Feedback 


IT’S  ABOUT  THE  PEOPLE 

In  Total  Leadership  [“Built  to  Last,”  April  1,  2002],  Patricia 
Wallington  addresses  management  of  the  IT  function  with  some 
very  pragmatic  advice.  Much  like  business  plans,  strategies  with 
lots  of  good  words  look  great  on  paper  and  stack  nicely  on  the 
shelf  in  neatly  bound  binders.  However,  at  the  end  of  the  day 
there  have  to  be  real  people  executing  the  plans  if  they  are  to 
be  achieved.  Reports  and  plans  are  great,  but  results  are  better. 

Rubin  Dubiansky  •  Rubin  Dubiansky  and  Associates  •  Toronto 


rubin.d@rogers.com 


MISSED  OPPORTUNITY 

The  economy  continues  in  low  gear 
with  glimmers  of  a  rebound.  We  are  at 
a  significant  inflection  point  for  the 
economy  and  IT.  And  it  won’t  be  busi¬ 
ness  as  usual  when  things  finally  stabi¬ 
lize.  When  the  new  economy  emerges, 
it  will  be  replete  with  new  IT  manage¬ 
ment  challenges.  Layoffs  continue  in 
abundance  for  some  sectors,  and  hir¬ 
ing  remains  low  for  all  sectors.  Sitting 
on  the  sidelines  today  is  the  greatest 
abundance  of  highly  skilled  senior  and 
middle  IT  managers  that  we  have  ever 
seen.  Companies  are  missing  out  on  a 
great  opportunity  to  tap  a  tremendous 
resource  of  IT  expertise  and  experi¬ 
ence  that  they  desperately  need  yet  are 
slow  to  realize.  The  company  you  save 
now  through  targeted  hiring  might  be 
your  own. 

William  J.  Reid 

Executive  Adviser 
Castle  Rock  Group 
Castle  Rock,  Colo. 
castlerockgroup@hotmail.  com 

TEACHING  ERP 

I  have  been  part  of  the  ERP  implemen¬ 
tation  industry  for  10  years  and  have 
been  personally  involved  in  at  least 
eight  large  implementations  during  this 
period. 


I  am  not  here  to  defend  the  ERP 
training  industry  in  general;  many  cus¬ 
tomer  organizations  just  do  not  get 
their  ERP  implementation  fundamen¬ 
tals  in  place,  and  training  is  just  a  small 
part  of  it. 

I  have  been  teaching  computer  and 
management  subjects  for  a  long  time, 
and  I  learned  the  following  from  my 
experience  as  a  teacher.  Training  and 
education  are  two  different  things; 
training  is  hands-on  while  education 
aims  to  build  an  understanding  of  the 
fundamentals.  ERP  is  a  paradigm 
shift  in  everything  that  the  organiza¬ 
tion  does,  and  if  the  training  is  going 
to  start  by  telling  what  a  screen 
means,  disaster  is  guaranteed.  There 
is  a  huge  gap  between  top-manage¬ 
ment  perceptions  and  operating  man¬ 
agement’s  understanding  of  why  ERP 
is  implemented.  Top  management, 
rightly,  thinks  that  this  is  the  way 
future  businesses  will  work.  The  mid¬ 
dle  layer  required  for  translating  the 
vision  into  concrete,  measurable 
activities  simply  doesn’t  exist  in 
many  cases. 

Buck  Kulkarni 

President 
Genesys 
White  Plains,  N.Y. 
buck.kulkarni@igenesys.com 


THE  TRUE  CXO 

Regarding  roles  within 
the  strategic  planning 
process  [“How  to  Suc¬ 
ceed  in  Strategic  Plan¬ 
ning,”  Hot  Seat, 
March  15,  2002], 
my  roles  vary  in 
that  I  work  for  and  with  multiple  orga¬ 
nizations.  In  one  position  I  am  acting 
chief  knowledge  officer  (CKO),  CIO 
and  CTO,  and  I  have  a  few  subordinate 
positions  and  roles  to  fulfill. 

As  a  corporate  officer,  I  am  charged 
with  assisting  the  other  corporate  offi¬ 
cers  to  exploit  the  intellectual  and  IT 
assets  for  the  benefit  of  shareholders.  In 
that  role,  I  advise  the  CEO,  COO  and 
CFO  as  to  what  is  feasible  with  current 
and  future  assets.  Second,  as  the  lead¬ 
ing  technology  officer,  I  look  for  ways  to 
exploit  technology  as  part  of  business 
strategy.  Third,  as  the  CKO,  I  am 
charged  with  the  design  and  execution 
of  our  strategic  planning  process  as  well 
as  our  strategy  deployment  process. 

Lastly,  as  the  CIO,  I  am  charged  with 
planning  and  managing  the  infrastruc¬ 
ture  and  technology  investments  the 
corporation  makes.  In  that  position  I 
also  fulfill  the  role  of  chief  architect  for 
the  corporation’s  infrastructure  and  IT. 

Brian  K.  Seitz 
CKO 

Realtime  Communications 
bseitz@rtcent.  com 


WHAT  DO  YOU  THINK? 

Send  your  thoughts  and  feedback 
to  letters@cio.com.  Letters  may  be 
edited  for  length  or  clarity. 


1  8 


CIO  JUNE  15,  2002 


www  .cio  .com 


PHOTO  BY  ALBERTO  CAPOLINO 


5  SfiiSSr 


vT'Cv 


rnmmmmm^ 


Enterprise  Security  by  Symantec.  Networks  protected.  Threats  neutralized.  Peace  of  mind  restored. 

Today's  new  threats  require  a  new  level  of  protection.  Symantec the  world’s  leading  security  software  company,  can  provide 
it.  Our  technology  includes  vulnerability  management,  intrusion  detection,  firewalls,  VPN,  content  filtering  and  virus  protection. 
We  offer  a  range  of  services,  from  consulting  and  education  to  fully  managed  security.  And  our  global  response  team  constantly 
monitors  and  creates  fixes  for  the  latest  threats.  Symantec  Enterprise  Security  is  a  complete  solution  that  can  keep  your 
company  running  smoothly  and  with  confidence.  For  a  free  copy  of  our  latest  White  Paper  “Top  Management's  Perspective  on 
Security’,’  visit  www.symantec.com/ses22  or  call  800-745-6054. 

Symantec 

*Hi'  iIMjMMi/k" »«**<•  *•**,«**&.:.■.  --  ■»>- - ...  >  1  'V,..,'  ' 

Symantec  and  the  Symartw  logo  are  US.  lesHtwhltrademartis  ©2002  Symani? Cor^Kuliillig'lSs fSSSffis  Galnei'  felaqi^',^W'&cSit»'^tirare1ljiwW'  Slws"'i*jfet  fettdnn  ttor!ieeri'>  revalue  in  7090 


f ?  *  Mill 

The  Magazine  for  Information  Executives 


President  &  CEO  Joseph  L.  Levy 
Publisher  Gary  J.  Beach 

Editorial  Director  Lew  McCreary 

EDITORIAL 

Editor  in  Chief  Abbie  Lundberg 
Deputy  Editor  Richard  Pastore 
Managing  Editor  David  Rosenbaum 
Managing  Editor,  Production  Cheryl  R.  Asselin 

Executive  Editors  Michael  Goldberg,  Christopher  Koch 
(Investigations),  Derek  Slater 

Leadership  and  Management  Editor  Edward  Prewitt, 
Opinion  and  Knowledge  Management  Editor  Megan 
Santosus,  Research  Editor  Lorraine  Cosgrove  Ware, 
Special  Projects  Editor  Mindy  Blodgett,  Technology 

Editor  Christopher  Lindquist 

Senior  Editors  Alison  Bass  (CRM),  Todd  Datz,  Alice 
Dragoon,  Sari  Kalin,  Elana  Varon  (B2B  E-Commerce) 

Features  Editor  Late  Low 

Senior  Writers  Scott  Berinato  (Security  and  Vendor 
Management),  Meridith  Levinson  (B2C  E-Commerce), 
Stephanie  Overby,  Susannah  Patton  (B2C  E- 
Commerce),  Sarah  D.  Scalet  (Security  and  Privacy) 

Staff  Writers  Simone  Kaplan,  Ben  Worthen 
Copy  Chief  Tom  Wailgum 

Asst.  Managing  Editor,  Production  Kathleen  S.  Carr 

Copy  Editors  Kelli  A.  Gauthier  (Assoc.), 

Emily  S.  Henderson,  Sarah  Johnson  (Assoc.) 

Research  Manager  Lynne  Z.  Rigolini 
Editorial  Resource  Manager  Carol  Zarrow 
Editorial  Assistants  Daniel  J,  Horgan,  Joe  Sullivan 
Special  Projects  Specialist  Cristina  Sousa 
Consulting  Editor  Janice  Brand 
Editor  at  Large  Jerry  Gregoire 

Contributors  Eric  Berkman,  John  J.  Ciulla,  Susan  H. 
Cramm,  John  Edwards,  Amanda  S.  Fox,  Ronald  A.  Heifetz, 


How  to  Reach  Us 

E-mail  letters@cio.com 
Phone  508  872-0080 
Fax  508  879-7784 

Address  CIO  Magazine,  CXO  Media  Inc., 

492  Old  Connecticut  Path,  P.O,  Box  9208, 

Framingham,  MA  01701-9208 

Website  www.cio.com 

Topic  Experts  www.cio.com/online_beats2.html 

Subscriber  Services  800  788-4605,  Fax  508  879-7899, 
E-mail  denisep@cio.com 

Rights  and  Permission  Andrew  Burrell  •  508  935-4785, 
E-mail  aburrell@cxo.com 

20  CIO  JUNE  15,  2002  •  www.cio.com 


Marty  Linsky,  David  L.  Margulius,  Mohanbir  Sawhney 

Editorial  Operations  Specialist  Julie  Hanson 

DESIGN 

Executive  Director,  Art  and  Design  Mary  Lester 

Art  Directors  Hana  Barker,  Terri  Haas,  Lisa  Munroe 

Associate  Art  Director  Owen  Edwards 

Senior  Designers  George  Lee,  Chandra  Tallman 

Designer  Kajaal  S.  Asher 

Associate  Designer  Alberto  Capolino 

Design  Group  Assistant  Rachel  Barnett 

WEBSITE 

Senior  VP/General  Manager,  Online  Tim  Horgan 

Web  Editorial  Director  Art  Jahnke 

Executive  Web  Editor  Martha  Heller 

Web  Editor  Sandy  Kendall 

Web  Writer  Jon  Surmacz 

Online  Technology  Director  Dagmar  Eiben 

Senior  Web  Developer  Ellen  Morey 

Online  Research  Manager  Kathleen  Kotwica 

Audience  Development  Manager  Andrew  Burrell 

Web  Developers  Diane  Chen,  Shannon  Macdonald 

Online  Content  Researcher  Tara  Gillet-Liloia 

Designer  Graham  White 

CIRCULATION 

Senior  VP/Circulation  Carol  A.  Spach 
Subscription  Svcs.  Manager  Denise  Perreault 
Subscription  Svcs.  Supervisor  Tina  Pescaro 

PRODUCTION 

VP/Manufacturing  Chris  Cuoco 
Production  Manager  Lee  Tuttle 
Ad  Production  Coordinator  Lisa  Stevenson 

EXECUTIVE  PROGRAMS 

VP  and  General  Manager  Ronald  L.  Milton 
VP,  Event  Marketing  Cynthia  Mollus 
Director,  Marketing  Services  Shellie  Rapson  James 
Manager,  Program  Operations  Brian  Fuce 
Manager,  Procurement/Tech.  Planning  Cynthia  Laird 
Manager,  Program  Development  Sherry  Keyles 
Event  Development  Specialist  Sandra  J.  Hughey 

Program  Applications  Specialists  Heather  Beauton 
(Senior),  Leah  Graves  (Assoc.) 

Senior  Program  Marketing  Specialist  Karen  Peabody 
Operations  Coordinator  Michael  Barbato 
Fulfillment  Services  Coordinator  Andrea  Harney 
Manager,  Event  Planning  Amy  Sanderson 


MARKETING 

Executive  VP/Marketing  Cathy  O’Leary  Hayes 
VP/News  and  Information  Susan  Watson 
Media  Relations  Manager  Karen  Fogerty 
News  and  Information  Assistant  Lori  Piscatelli 
Marketing  Research  Director  Bridget  Cammarata 
Marketing  Research  Manager  Carolyn  Johnson 
Sr.  Marketing  Research  Analyst  Dylan  DiGregorio 
Marketing  Comm.  Director  Sue  Yanovitch 
Sr.  MarCom  Development  Specialist  Kari  Curto 
Marketing  Comm.  Coordinator  Sarah  Crowley 

ADMINISTRATION 

Executive  VP/Operations  Walter  Manninen 

Executive  Assistant  to  the  President/CEO 

Diane  Martin 

Financial  Manager  Cynthia  Petrillo 

Jr.  Financial  Analyst  Hilary  Smith 

Billing  Administrator  Joyce  Gillis 

Facilities  Specialist  John  Kelley 

Office  Services  Coordinator  Mary  E.  Wooldridge 

INFORMATION  SYSTEMS 

VP/CIO  Rick  Broughton 

Infrastructure  Manager  James  C.  Burgoyne 
User  Services  Manager  Ron  Bettencourt 
Senior  User  Services  Specialist  Michael  Fahlsing 
System  Administrator  Robert  Reagan 
User  Support  Specialist  Jonathan  Frappier 

NEW  BUSINESS  DEVELOPMENT 

VP,  Business  Development  &  Strategic  Alliances 

Cheryl  M.  Hardy 

Coordinator,  Business  Development  Kelly  Gabe 

HUMAN  RESOURCES 

VP,  Human  Resources  Patricia  Reilly 
Human  Resources  Manager  Tanya  Bureau 
Human  Resources  Representative  Beth  Senges 


INTERNATIONAL  DATA  GROUP 
President  &  CEO  Kelly  Conlin 
Board  Chairman  Patrick  J.  McGovern 

wbpa 

T  international* 

©  CXO  Media  Inc. 


MOVING  YOUR  ENTERPRISE 
APPLICATIONS  TO  LINUX® 

TO  SAVE  MONEY? 

TALK  TO  COMPAQ 

AND  YOU  COULD  SAVE 

EVEN  MORE. 

Total  cost  of  ownership  is  the  best  way  to  compare. 
And  that's  where  Compaq  delivers.  We  have  the 
software  and  specialists  you  need  to  deploy  and 
manage  Linux  throughout  your  enterprise — faster 
and  easier.  We  have  2,000  specialists  on  the  ground 
with  more  Linux  experience  than  anyone  else.  Plus 
we  have  the  applications  your  enterprise  needs  and 
the  price  and  performance  that  Linux  solutions  on 
ProLiant™  servers  can  deliver.  Just  compare  us  and  see 
all  the  benefits  of  working  with  the  leader. 

www.compaq.com/linuxl 

COMPAQ. 

©2002  Compaq  Information  Technologies,  LP.  Compaq,  the  Compaq  logo  and  ProLiant  are  trademarks  of  Compaq  Information  Technologies,  LP.  in  the  U.S.  and  other  countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds. 


Wireless  communication  requires  a  compatible  mobile  phone  or  modem  or  a  wirelessly  enabled  Palm  handheld 
and  the  Palm. Net  proprietary  service,  sold  separately.  Coverage  not  available  in  all  areas.  ©2002  Palm,  Inc.  All 
rights  reserved.  Palm. Net  is  a  registered  trademark  and  Palm  and  the  Palm  logo  are  trademarks  of  Palm,  Inc.  or  its 
subsidiaries.  Other  products  and  brand  names  may  be  trademarks  or  registered  trademarks  of  their  respective  owners. 


The  possibilities  for  mobile 
communications  are  infinite. 

At  Palm,  we  help  companies 
use  the  technology  to  deliver 
one  very  important  thing: 
results.  Like  streamlined  order 
fulfillment.  Or  simplified  access 
to  information.  Or  mobilized 
sales  forces.  With  the  help  of 
top  solutions  providers  that 


include  BEA,  IBM,  McKesson, 
and  Siebel  Systems,  Palm 
delivers  mobile  solutions  that 
make  sense  for  business.  For 
more  on  how  we've  helped 
deliver  results,  visit  us  at 
palm.com/enterprise  and 
read  our  customer  success 
stories  and  our  total  cost  of 
ownership  white  paper. 


I-  t  % 

I  r  i 

JLm,  ' :  .  A  ,  d 

rlieNEWtheHOT  fheUNEXPECT  E  D 


mes 


Edited  by  Lafe  Lo 


w 


DIGITAL  DIVIDE 

IT  Saves  School 


'A  • 


By  E 


nc 


Berkman 


IN  THE  FALL  OF  2000,  George  Westinghouse  High  School  in 
Brooklyn,  N.Y.,  a  drug-and-violence-ridden  urban  school,  re¬ 
invented  itself  as  “IT  High”  (see  “A  School  Grows  in  Brooklyn,” 
at  wunv.cio.com/printlinks).  Now,  more  than  a  year  later,  CIO  can 
happily  report  that  this  transformation  has  saved  a  school  and 
helped  prepare  the  next  generation  of  IT  leaders. 

Under  the  guidance  of  Principal  Jean-Claude  Brizard — and  with 
corporate  support  from  the  Securities  Industry  Automation 
Corp. — Westinghouse  is  finishing  its  second  year  of  preparing  eco¬ 
nomically  underprivileged  students  for  college  study  and  careers  in 
IT.  The  results  are  already  showing.  Since  the  program’s  inception, 
there  have  been  double-digit  improvements  in  English,  math  and 
history  test  scores.  Suspensions  have  dropped  300  percent  from 
three  years  ago.  The  new  emphasis  on  IT  is  clearly  helping  stu¬ 
dents,  although  it’s  too  early  to  judge  the  school’s  success  as  an 
IT  training  ground.  The  first  class  to  go  through  the  whole  three- 
year  program,  which  culminates  in  A+,  MCSE,  CIW,  AutoCADD 
or  Cisco  certification  as  well  as  a  high  school  diploma,  won’t  grad¬ 
uate  until  2003. 

Brizard  reports  that  last  year’s  seniors  are  doing  well.  “It’s  amaz¬ 
ing,”  he  says.  “About  80  percent  of  the  students  have  gone  on  to 
college.  And  we’ve  seen  happier  students. ..who  really  have  a 


Department 

^ of  BIG, 

Scary 

Numbers 


25%  of  business  travelers  have  reduced  air  travel.  30%  said 
personal  safety  concerns  or  family  members’  concerns  were  the 
main  reason  for  not  traveling.  70%  of  business  travelers  expect 
their  personal  safety  concerns  will  lessen  in  the  next  year.  21% 
said  they  will  never  feel  comfortable  about  their  loved  ones  fly¬ 
ing.  33%  of  those  travelers  who  have  reduced  their  schedules 
have  used  audio,  video  or  Web  conferencing  as  a  substitute. 
62%  said  they  plan  to  use  conferencing  more  next  year. 


SOURCE:  "MEETINGS  IN  AMERICA  IV:  THE  NEW  ROAD  WARRIOR, 
BY  TAYLOR  NELSON  SOFRES,  INTERSEARCH 


purpose 
and  under¬ 
stand  what 
wish  to  accomplish.” 

Graduates  have  secured  IT  positions  with  organizations  such  as 
AOL  Time  Warner,  the  New  York  City  transit  system  and  the 
New  York  City  Board  of  Education. 

The  program  has  generated  significant  buzz  in  the  education  world. 
School  boards  from  Buffalo  and  Baltimore  have  visited,  looking  to 

Westinghouse  as  a  model  for  IT 
high  schools  in  their  own  city.  The 
Information  Technology  Asso¬ 
ciation  of  America  invited  Brizard 
to  give  a  presentation  at  its  con¬ 
ference  in  Virginia,  and  a  number 
of  private  coiporations  and  finan¬ 
cial  institutions  have  expressed 
interest  in  providing  internships 
for  Westinghouse  students.  Still, 
Brizard  is  most  proud  of  the 
impact  the  school’s  transforma¬ 
tion  has  had  on  the  students. 
“They  now  feel  in  control  of  their 
future  and  destiny,”  he  says. 


24  CIO  JUNE  15,  2002  •  www.cio.com 


PHOTO  BY  WALTER  SMITH 


salesforce.com 

#1  CRM.  NoSoftware. 


CRM  Technology  of  the  Year 


'  2  0  0  1 

InfoWorld 

t££Hi4&L&&Y 

4xL. 

\£AH 


Infoworld  1/31/2002 


Best  CRM  2002 


Software  &  Information  Industry 
Association  Codie  Award  4/16/2002 


5  Stars  out  of  5  Stars  2001  &  2002 


E,An  Overall  Rating  of  Excellent" 


MAGAZINE 


Saiesforce.com 
Sai@sforce.com,  Inc. 


PC  Magazine 


Top  10  CRM  Installations  2001  &  2002 

j^petdeen  Gr0u  ►  Aberdeen  Group 

(^What  Works' 

C>^TopTe7^ 


4,500  enterprises  use  salesforce.com  to  manage  their  CRM  worldwide. 
Last  year  we  added  more  CRM  customers  than  Siebel,  SAP,  PeopleSoft  and  Oracle  combined. 

►  See  for  Yourself  -  Sign  up  for  a  FREE  Test  Drive  Today! 

Visit  WWW.salesforce.com  and  enter  code  DA0602. 


You  can  always  call  us  at  1.800. NO  SOFTWARE. 


C  I  o 


ROLE 


lines 


Survey  Says:  Deliver  ROI 

By  Lorraine  Cosgrove  Ware 


THE  FORWARD-LOOKING,  visionary 
CIO  may  be  out  of  style  for  the  moment. 
A  visionary  CIO  is  one  who  asks  where 
the  business  is  going  and  envisions  how 
to  apply  technology  three  to  five  years  out, 
according  to  John  J.  Davis,  president  of 
New  York  City-based  executive  search 
firm  John  J.  Davis  &  Associates.  “This 
presupposes  that  the  business  is  looking 
ahead  three  to  five  years,  which  may  not 
be  the  case  right  now.”  In  fact,  the  CIO 
most  likely  to  get  hired  now  is  pragmatic, 
diagnostic  and  has  a  proven  track  record 
of  delivering  on  time  and  on  budget. 

A  recent  survey  of  138  business  exec¬ 
utives  conducted  by  Darwinmag.com,  an 
online  sister  publication  to  CIO,  found 
that  while  businesses  still  expect  IT  to 
help  them  stay  ahead  of  the  competition, 
they  also  rely  on  IT  to  improve  the  bot¬ 
tom  line.  Darwinmag.com  panelists  indi¬ 
cated  the  top  goals  for  IT  in  the  coming 
year  are  to  increase  competitive  advan¬ 
tage,  reduce  cost  and  improve  efficiency, 
in  that  order.  Executives  listed  more 
externally  focused  goals  for  the  previous 


year,  including  empowering  employees 
with  access  to  information  and  improv¬ 
ing  customer  service.  When  asked  how 
executives  determine  whether  IT  is  deliv¬ 
ering  value,  the  panelists  in  the  December 
and  January  polls  consistently  listed 
reduced  cost  and  improved  productivity. 

“A  few  years  ago,  CIOs  were  guiding 
organizations  into  the  future.  Now  the 

Greater 
Expectations 


focus  is  on  return  for  shareholders  and 
improving  business  processes  today,  not 
12  months  down  the  road,”  he  says. 
Still,  the  visionary  CIO  will  be  back  in 
vogue  one  day,  according  to  Davis. 
“CIOs  have  to  have  both  visionary  skills 
and  delivery  skills.  The  visionary  skills 
are  just  not  being  called  upon  strongly 
right  now,”  he  says. 


What  were  the  top  three  What  are  the  top  three 

goals  or  expectations  from  goals  or  expectations 

IT  during  the  past  year?  from  IT  for  the  next  year? 


Empower  employees  with  access  to  information 

50% 

28% 

Create/increase  competitive  advantage 

43% 

46% 

Improve  customer  service 

43% 

37% 

Reduce  cost  of  doing  business 

41% 

43% 

Improve  efficiency 

41% 

41% 

Improve  employee  productivity 

35% 

35% 

Empower  customers  with  access  to  information 

26% 

31% 

Generate  more  revenue 

21% 

34% 

Other 

4%  ■ 

6% 

SOURCE:  DARWINMAG.COM,  AN  ONLINE  SISTER  PUBLICATION  TO  CIO.  JANUARY  2002. 
FOR  THE  LATEST  POLL,  VISIT  WWW2.DARWINMAG.COM/LEARN/RESEARCH. 


E-BUSINESS 


STRATEGIES 


The  Doctor 
Is  In— Always 


By  Megan  Santosus 

ENDLESS  PHONE  TAG,  after-hours 
messages  left  with  an  answering  service, 
disjointed  conversations — there  must 
be  a  better  way  for  patients  to  corre¬ 
spond  with  their  doctors. 

Well,  there  is,  at  least  as  far  as  the 
patients  are  concerned:  e-mail.  Ninety 
percent  of  doctors  use  it,  according  to  a 
2001  national  survey  of  physicians  con¬ 


ducted  by 
Medem,  a  San 
Francisco-based 
provider  of  online  com¬ 
munications  and  services  for  the  med¬ 
ical  industry.  The  problem  is  that  only 
10  percent  of  those  physicians  use  e-mail 
for  corresponding  with  patients. 

Continued  on  Page  28 


26  CIO  JUNE  15,  2002  •  www.cio.com 


ILLUSTRATION  BY  CLAUDIA  NEWELL 


The  remarkable  innovation  of  Canon  imageRUNNER.  The  unrivaled  heritage  of  Canon  color.  Both  are  available 
in  one  brilliant  solution.  The  amazing  Color  imageRUNNER  C2050.  A  fully-connected,  network-compatible, 
21  page-per-minute*  wonder.  It  expands  your  color  capabilities,  so  you  can  create  professional-quality, 
finished  documents  —  in  full  color  or  black-and-white  —  right  from  the  desktop.  At  Canon,  we're  giving  people 
the  know-how  to  bring  office  documents  to  a  colorful  new  level. 


Check  with  your  local  Canon  authorized  dealer  for  more  information  on  network  compatibility, 
•letter-sized. 


Canon 


KNOW  HOW 


I  o  I  o  r 

mageRUNNER1 


Call  1-866-EZCOLOR 
or  visit  www.usa.canon.com 


After  extensive  research,  we 


finally  found 


l0t 

Marketing  _ 
and  Sales 

t  Comprthenme  Program 


improvement. 


room  for 


^  Motm  wwl<lv.Klf.  inf 

Marketing 
and  Sales 

A  Comprehensive  Program 


^^Kdotcn 


;cn  Worldwide,  In 


Marketing 
and  Sales 


A  Comprehensive  Program 


Color 

imageRUNNER 
C  2  D  5  0 


trendlines 


The  Doctor  Is  In 


Continued,  from  Page  26 

Ed  Fotsch,  Medem’s  CEO  (who  is  an  MD), 
says  that  resistance  comes  from  doctors’  pre¬ 
occupation  with  “love,  loot  and  limited 
liability.”  E-mail  has  yet  to  enhance  the  doc¬ 
tor-patient  relationship  (love),  it  can  lead  to 
more  work  without  reimbursement  (loot), 
and  insurance  carriers  have  not  adequately 
addressed  issues  of  security,  privacy  and  cov¬ 
erage  (limited  liability). 

By  providing  secure  communications  net¬ 
works  with  provisions  for  authentication  and 
encryption,  Medem  and  other  companies  such 
as  Healinx  and  Requesthealth.com  hope  to 
usher  in  a  new  age  of  doctor-patient  electronic 
communication.  Besides  free  services  such  as 
prescription  refills,  referrals  and  appointment 
requests,  secure  network  providers  could  facil¬ 
itate  online  consultations  and  second-opinion 
services  for  which  patients  or  their  insurers 
would  pay.  According  to  the  results  of  Medem’s 
survey  and  other  similar  studies,  30  percent  of 
patients  are  willing  to  pay  an  online  consulta¬ 
tion  fee  of  $20  to  $30  per  e-mail  con¬ 
sultation.  Since  patients  avoid  taking 
time  off  from  work  and  paying  for 
gas  and  parking,  “that  price,  even 
if  it’s  entirely  out  of  pocket,  is  a 
bargain,”  says  Fotsch. 

Pediatrician  Eugenia  Marcus  of 
Newton,  Mass.,  receives  six  to  10 
e-mails  from  patients  each  day.  “It’s 
a  huge  benefit  to  me  because  I  can  han¬ 
dle  so  many  more  questions  in  the  same 
amount  of  time,”  she  says.  At  the  moment, 
Marcus  uses  e-mail  to  answer  routine  ques¬ 
tions.  Later  this  year  she’ll  start  using  Request- 
health. corn’s  secure  network,  through  which 
her  practice  will  offer  patients  access  to  elec¬ 
tronic  medical  records  and  fee-for-service  con¬ 
sultations.  (Marcus  serves  as  a  consultant  to 
Requesthealth.com.)  Although  insurance  pay¬ 
ments  are  yet  to  be  settled,  Marcus  is  certain 
many  patients  will  pay  for  online  consultations 
themselves.  After  all,  they’d  be  saving  them¬ 
selves  time  and  money. 

feedback _ 

Responses  or  ideas  for  Trendlines? 

E-mail  Features  Editor  Lafe  Low  at 
llow@cio.com  or  Executive  Editor 
Michael  Goldberg  at  mgoldberg@cio.com. 


United  We  Crunch 


By  Lafe  Low 

EXAMINING  MORE  than 
3  billion  molecules  to  determine 
which  ones  might  treat  a  partic¬ 
ular  disease  sounds  like  a  life¬ 
time’s  work,  but  the  Anthrax 
Research  Project  (ARP)  wrapped 
up  just  such  a  massive  screening 
in  24  days.  Of  the  nearly  3.6  bil¬ 
lion  molecules  analyzed,  the 
project  identified  more  than 
376,000  as  candidates  for  treat¬ 
ing  the  anthrax  virus,  which  would 
render  it  ineffective  as  a  weapon. 

The  ARP  functions  in  a  similar 
fashion  to  the  Mountain  View, 
Calif.-based  nonprofit  Search  for 
Extraterrestrial  Intelligence  (SETI) 
project,  which  recruits  individual 
computer  users  to  share  their  un¬ 
used  processing  power  to  help 
analyze  radio  signals.  Users  down¬ 
load  a  program  that  kicks  in  as  a 
screen  saver  and  crunches  num¬ 
bers  to  contribute  to  signal  analysis 
for  signs  of  extraterrestrial  activ¬ 
ity.  With  funding  from  Intel  and 
Microsoft,  ARP  similarly  tapped 
into  unused  computing  power  in 
the  user  community  of  Austin, 
Texas-based  United  Devices.  Users 
downloaded  a  screen  saver  that 
used  the  computers’  spare  process¬ 
ing  power  to  crunch  numbers.  The 
network  of  volunteers  essentially 
created  a  massive  supercomputer. 
Once  each  packet  of  data  had  been 


The  massive  computing  power 
of  Anthrax  Research  Project 
helped  analyze  nearly  3.6  billion 
molecules  in  just  24  days. 

analyzed,  the  program  returned 
the  results  to  United  Devices’  data 
center  and  retrieved  a  new  packet 
of  data  for  processing. 

“Had  we  done  this  using  tradi¬ 
tional  methods,  it  would  have 
taken  years  instead  of  less  than  four 
weeks,”  says  Graham  Richards, 
chairman  of  the  Oxford  University 
Chemistry  Department  and  direc¬ 
tor  of  the  National  Foundation  for 
Cancer  Research  Center  for  Com¬ 
putational  Drug  Design.  Oxford 
University  researchers  presented 
the  findings  to  government  officials 
at  a  ceremony  in  Washington, 
D.C.,  last  March.  The  Anthrax 
Research  Project  wrapped  up  the 
screening  phase  in  24  days,  finish¬ 
ing  on  Valentine’s  Day. 


DURING  THE  ANTHRAX  RESEARCH  CRUNCH: 

>5,436  compute  years  were  consumed 

(47,621,948  hours). 

>  If  joined,  the  computers  involved  could  process 
60  tri  I  lion  floating  point  operations  (60  teraflops) 
every  second. 

If  the  world’s  U  fastest  supercomputers  had  been 
combined  for  this  task,  processing  would  have  taken 
nearly  twice  as  long. 


2  8  CIO  JUNE  15,  2002 


www.cio.com 


PHOTO  BY  GETTY  ONE  IMAGES 


-  '  /. 


WHAT  KIND  OF  DECISIONS  DO  YOU 


MAKE  IN  HOLLYWOOD? 


IF  YOU'RE  fox;  ENTERTAINING  ONES. 


But  you  need  the  right  information  first. 
Fox  Filmed  Entertainment  knows  this. 
That's  how  they've  become  one  of 
the  most  successful  creators  and 
distributors  of  blockbuster  films  in  the 


world.  And  that's  why  they  chose 
Crystal  Decisions™.  Our  web-based 
reporting,  analysis  and  information 
delivery  technology  helps  Fox  track 
critical  business  information  through 


distribution  channels  and  leverage 
that  information  to  make  smarter 
decisions.  With  over  10  million  licenses 
shipped,  and  partners  including  SAP  " 
and  Microsoft";  we've  proven  our 


solutions  deliver  information, 
cut  costs  and  improve  productivity. 
Want  to  learn  more?  Visit:  www. 
crystaldecisions.com/ent/006/, 
or  call  1-866-821-3525. 


Access.  Analyze.  Report.  Share/  crystal  decisions ■« 


A  SEAGATE  COMPANV 


•This  level  of  availability  is  dependent  on  many  factors  outside  of  the  operating  system,  including  other  hardware  and  software  technologies,  mission-critical  operational  processes,  and  professional  services.  "^Source:  Transaction  Processing  Performance  Council, 
May  2002.  ©  2002  Microsoft  Corporation.  All  rights  reserved.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 


Get  your  infrastructure  ready 

for  anything.  You’ve  got  relentless  hackers, 
massive  usage  spikes,  24/7/365  demands,  big 
CEO  requests,  etc.,  etc.,  etc.  What  is  going  on  here? 
This,  of  course,  is  today’s  unpredictable  business 

environment.  In  this  environment,  where _ 

can  happen  at  any  moment,  you  need  to  keep 
your  infrastructure  prepared  for  anything  and 
everything.  And  that  is  exactly  what  the  Microsoft 
platform  is  designed  to  help  you  do.  Here’s  how: 


1 1  ft  ti  *  i  i  if  if  f  i||jn  tit  tf  ifffitfif  f  fti| 


Security:  The  Microsoft  platform  enables  a 
secure  infrastructure  through  built-in  encryption, 
authentication,  and  access  control  that  can  be 
centrally  managed  and  integrated. 


Scalability:  The  Microsoft  platform  scales  to 
handle  your  most  demanding  workloads.  And  it 
has  the  lowest  price-to-performance  ratio  of  any 
competitive  platform/ 


Reliability:  With  the  right  investments  in 
people,  processes,  and  the  technology  of  the 
Microsoft  platform,  along  with  established  best 
practices  and  support  from  Microsoft’s  industry 
partners  (including  fault-tolerant  systems  vendors), 
customers  are  able  to  build  solutions  for  up  to 
99.999%  service  availability* 


In  addition,  the  Microsoft  platform  delivers  the 
interoperability  and  manageability  your  infra¬ 
structure  needs  to  handle _ .  For  more 

information  on  howto  prepare  your  infrastructure 
for,  well,  anything,  visit  microsoft.com/enterprise 
Software  for  the  Agile  Business. 


Microsoft 


trendlines 


Off  the  Shelf 


Edited  by  Carol  Zarrow 


Leading  Teams 

First  Among  Equals:  How  to  Manage  a 
Group  of  Professionals 

By  Patrick  J.  McKenna  and  David  H.  Maister 
The  Free  Press,  2002,  $26 

CIOs  who  oversee  flat  organizations — 
which  is  to  say,  a  lot  of  CIOs  today — would 
do  well  to  give  this  book  to  IT  workers 
whom  they’ve  designated  “team  leaders.” 
That  common  title  and  its  synonyms  con¬ 
fer  responsibility  without  granting  corre¬ 
sponding  authority,  making  it  a  difficult 
position  at  best.  That  said,  McKenna  and 
Maister — a  consultant  for  and  expert  on 
professional  service  firms,  respectively — 
quickly  make  the  case  for  the  great  impor¬ 
tance  of  good  leadership  to  the  functioning 


The  Examined  Web 

Small  Pieces  Loosely  Joined: 

A  Unified  Theory  of  the  Web 

By  David  Weinberger 
Perseus  Publishing,  2002,  $25 


Socrates  suggested  the  unexamined  life  is 
not  worth  living.  Small  Pieces  Loosely 
Joined  extends  that  maxim  to  include  vir¬ 
tual  life  as  well. 

Weinberger,  coauthor  of  The  Cluetrain 
Manifesto ,  delves  into  the  inner  workings 
of  the  World  Wide  Web— not  routers  or 
HTML,  but  the  social  construction  of  the 
Web  and  how  it  functions  within  (or  in 
some  cases  beyond)  the  perceived 
limits  of  space,  geography  and 
time.  Drawing  together  ele¬ 
ments  of  philosophy,  sociol¬ 
ogy,  psychology  and  even 
physics,  he  plays  tour 
guide  to  the  Web,  its 
history  and  its  por¬ 
trayal  in  the  media. 

Weinberger  bal¬ 
ances  some  of  his 
less  tangible  points  with 
real-life  illustrations  and  includes 


of  teams.  The  rest  of  the  book  is  a  thorough 
how-to  on  being  a  good  team  leader.  With 
checklists  and  useful  examples,  the  authors 
show  how  to  lay  the  groundwork  for  lead¬ 
ing  one’s  peers,  how  to  work  with  individ¬ 
uals  and  groups  alike,  and  how  to  measure 
success.  First  Among  Equals  covers  special 
situations,  such  as  dealing  with  under¬ 
achievers  and  prima  donnas,  and  integrating 
new  team  members  success- 

car  •’  •  ■?.  . . 

fully.  But  the  usefulness  of 
this  book  lies  in  its  appli¬ 
cability  to  a  challenge 
that  most  everyone 
faces  at  some  point: 
how  to  get  a  team 
to  work  well. 

-Edward  Prewitt 


conversations  with  and  anecdotes  from  the 
creators  of  HTML,  the  Internet  and  the 
Web.  He  visits  the  roles  of  permission  and 
privacy  in  the  new  environment  and,  to 
some  extent,  their  resulting  effects  on  com¬ 
merce.  Thought-provoking  but  not  super¬ 
charged,  Small  Pieces  Loosely  Joined’s  epis¬ 
temological  trek  over  the  terrain  of  the  Web 
is  a  stimulating  enough  read  but  hardly  the 
trove  of  originality  or  probing  insight  it 
promises.  -Amanda  S.  Fox 


CIO  Best-Seller  List 


5Gung  Ho!  Turn  On  the  People  in  Any 
Organization 

By  Kenneth  H.  Blanchard 
William  Morrow,  1997 


4  The  HR  Scorecard:  Linking  People, 
Strategy,  and  Performance 

By  Brian  E.  Becker,  Mark  A.  Huselid  and 
Dave  Ulrich 

Harvard  Business  School  Press,  2001 

3  Creative  Destruction:  Why  Companies 
That  Are  Built  to  Last  Underperform 
the  Market— And  How  to  Successfully 
Transform  Them 

By  Richard  Foster  and  Sarah  Kaplan 
Doubleday,  2001 

2  Now,  Discover  Your  Strengths: 

The  Revolutionary  Program  That  Shows 
You  How  to  Develop  Your  Unique  Talents 
and  Strengths— And  Those  of  the  People 
You  Manage 

By  Marcus  Buckingham  and  Donald  0.  Clifton 
The  Free  Press,  2001 


1  First,  Break  All  the  Rules:  What  the 

World's  Greatest  Managers  Do  Differently 
By  Marcus  Buckingham  and  Curt  Coffman 
Simon  &  Schuster,  1999 

SOURCE:  APRIL  2002  DATA. 

COMPILED  BY  AMAZON.COM.  SEATTLE 


THE  NEW  BOOKSHELF 

" Successful  investment  in  technology 
requires  investment  in  a  host  of  other 
intangibles,  notably  work  processes, 
human  capital  and  workplace  organization. 
Technology  alone  rarely  provides  a  com¬ 
pany  with  a  competitive  edge.  Technology 
complemented  by  investments  in  intangi¬ 
bles  does— or  at  least  it  can V 

From  Invisible  Advantage:  From  Innovation 
to  Reputation— How  Intangibles  Are  Driving 
Business  Performance,  by  Jonathan  Low 
and  Pam  Cohen  Kalafut  (Perseus 
Publishing,  June  2002) 


“ Information  becomes  more  valuable  the 
more  it  is  used,  and  if  nurtured,  generates 
new  value  over  time,  becoming  more 
useful  as  a  source  of  new  products  and 
services.  Your  supply  of  invisible  capital 
does  not  obey  the  laws  of  thermodynam¬ 
ics.  In  the  information  revolution,  strategy 
is  a  machine  powered  by  information 
assets.  Strategy  is  perpetual ." 

From  The  Strategy  Machine:  Building 
Your  Business  One  Idea  at  a  Time,  by 
Larry  Downes  (HarperCollins  Publishers, 
June  2002) 


3  2  CIO  JUNE  15,  2002 


www.cio.com 


PHOTOS  BY  ALBERTO  CAPOLINO 


ILLUSTRATION  BY  DAVID  CUTLER 


ENTERPRISE  PMRTALS: 


Gateways 

12  Mission  Critical 

INFORMATION 


It  is  clear  that  we  are  all  drowning  in  a  sea 
of  information.  The  challenge  is  to  learn  to 

swim  in  that  sea,  rather  than  drown  in  it. 

-  from  a  study  by  University  of  California,  Berkeley  School 
of  Information  Management  and  Systems 


Unfortunately,  when  most 

people  dig  into  their  enter¬ 
prise’s  data  repositories  for 
critical  nuggets  of  informa¬ 
tion,  they  Find  themselves  over  their 
heads.  They  are  flooded  with  too  much 
information,  or  too  little. 

For  CIOs  chartered  with  helping 
users  to  easily  find  what  they  are  looking 
for,  web-based  portals  provide  a  robust 
solution  to  this  vexing  problem.  But  this 
answer  goes  far  beyond  simply  launching 
a  rudimentary  intranet  that  provides 
users  with  access  to  the  company’s  data 
warehouse. 

To  obtain  real  value  from  their  portal 
initiatives,  CIOs  must  deal  with  a  spec¬ 
trum  of  problems— ranging  from  inte¬ 
grating  all  aspects  of  the  information  life- 
cycle  to  coping  with  what  IDC  calls  “the 
invisible  intranet.” 


wm 

Custom  Publishing 

Advertising  Supplement 


Elusive  Information 

“The  invisible  intranet”  was  coined  by 
IDC  in  a  2001  white  paper  titled  The  High 
Cost  of  Not  Finding  Information ,  which 
explains:  “Any  information  that  isn’t  cen¬ 
trally  indexed  will  not  appear  in  search 
results,  creating  a  phenomenon  known  as 
the  ‘invisible  intranet.’  The  information  is 


there,  but  it  simply  cannot  be  found  by  the 
intranet’s  search  function.” 

Enterprise  information  is  stored  in  dis¬ 
parate  content  repositories  and  comes  in  a 
wide  range  of  formats — usually  not  the 
static  HTML  pages  preferred  by  search 
engines.  Even  files  generated  by  Microsoft 
Word,  Excel  or  PowerPoint  are  often  over¬ 
looked.  Rich  media  files  almost  always 
defy  normal  search  and  classification 
schemes.  And  files  stored  locally  on  desk¬ 
tops,  laptops  and  even  the  newer  classes  of 
PDAs  are  usually  beyond  the  reach  of 
most  intranet  search  engines. 

The  situation  is  not  only  frustrating,  it 
is  costly.  The  invisible  intranet  results  in: 
poor  decision  making  based  on  incom¬ 
plete  or  faulty  information;  reinventing 
the  wheel;  losing  sales  when  customers  are 
unable  to  find  the  information  they  want 
on  products  or  services;  and  lost  produc¬ 
tivity  as  employees  stymied  by  a  fruitless 
search,  turn  to  their  colleagues  for  help. 

In  aggregate,  IDC  says,  Fortune  1000 
companies  waste  $5  billion  annually  due 
to  employees  duplicating  information  that 
already  exists  within  the  enterprise.  And 
this,  researchers  hasten  to  add,  is  a  conser¬ 
vative  estimate. 

On  the  other  hand,  the  benefits  of 
doing  it  right  can  be  startling.  IDC  quotes 
one  IT  manager  of  a  Fortune  500  compa¬ 
ny,  “...by  improving  search  and  retrieval 
systems  for  just  the  firm’s  4000  engineers, 
the  investment  [was]  recovered  within  a 
month  and  [contributed]  to  a  $2  million 
monthly  productivity  gain  thereafter.” 


BY  JOHN  KIRKLEY 


Yahool/lnktomi 


CIO  Advertising  Supplement 


Importance  of  Portals 

“Unfortunately  there’s  no  simple  answer 
to  the  ‘invisible  intranet’  problem,”  says 
David  Gee,  General  Manager  of  Yahoo! 
Enterprise  Solutions  group.  “But  a  com¬ 
prehensive  solution  based  on  the  combi¬ 
nation  of  a  flexible,  scalable  enterprise 
portal  equipped  with  a  powerful  search 
and  retrieval  system  can  significantly 
reduce  the  amount  of  ‘lost  information’ 
and  its  negative  impact  on  worker  produc¬ 
tivity  and  the  company’s  bottom  line.” 

In  today’s  enterprise  environment,  the 
use  of  a  portal  can  increase  the  company’s 
productivity  and  efficiency  by  integrating 
information  and  applications  in  one  central 
location  accessible  via  a  simple,  familiar  user 


interface,  Gee  says.  “You’ll  eliminate  infor¬ 
mation  glut  and  speed  up  your  time-to- 
market  through  closer  collaboration 
between  your  employees,  trading  partners 
and  customers.  Portals  provide  employees 
with  self-service  access  to  benefits  informa¬ 
tion,  company  news,  IT  helpdesk,  employee 
directories  and  other  internal  information 
and  services.  A  personalized  portal  acceler¬ 
ates  communications  and  collaboration  and 
contributes  to  overall  employee  satisfaction. 

“From  the  CIO’s  perspective,”  he  adds,  “a 
portal  reduces  demands  on  IT  and  cuts  the 
costs  of  administering  redundant  processes. 
You  can  roll  out  new  applications  and  ser¬ 
vices  without  incurring  heavy  training  costs.” 

In  addition,  the  portal  can  be  used  to 


build  and  foster  customer  relationships 
essentially  playing  the  role  of  a  direct  com¬ 
munications  channel  that  offers  services  that 
drive  customer  usage  and  frequency. 
Successful  enterprise  portals  are  categorized 
by  delivering  several  key  benefits,  including: 

•  Content  aggregation,  blending  informa¬ 
tion  from  both  inside  and  outside  the 
organization. 

•  Organizations  can  easily  integrate  Yahoo! 
content  into  their  existing  portal(s)  using 
My  Yahoo!  enterprise  edition. 

•  Delivery  of  essential  web  services  using 
recognized  protocols  such  as  SOAP, 
WSDL  and  UDDI. 

•  Integration  of  a  variety  of  mission-critical 
enterprise  applications. 


•  Central  organization  and  presentation  of 
information  via  a  single  user  interface  that  is 
as  familiar  and  easy  to  use  as  My  Yahoo!. 

•  Support  for  multiple  platforms  and  open 
standards,  such  as  J2EE. 

Essential  Search  Capabilities 

But  even  if  a  portal  has  all  the  features  listed 
above,  it’s  not  going  to  pass  muster  unless  it 
has  a  powerful,  flexible  search  engine  that 
allows  the  integration  of  information  across 
departments  and  applications. 

When  Yahoo!  sought  an  enterprise  search 
solution  that  could  handle  the  rigors  of  por¬ 
tal  information  search  and  retrieval,  it  turned 
to  Inktomi  Enterprise  Search.  The  Inktomi 
platform  offers  an  easy  to  deploy  and  man¬ 


age  information  retrieval  solution  that  helps 
enterprise  end  users  find  information  quick¬ 
ly  and  efficiently.  Inktomi’s  search  allows 
users  to  retrieve  fresh,  current  information  as 
it  is  created,  saved  and  stored,  no  matter 
where  it  resides,  its  format,  the  application 
involved,  or  where  the  information  originat¬ 
ed  within  the  enterprise. 

Andrew  Littlefield,  Chief  Strategist, 
Inktomi  Enterprise  Search,  says  that 
Inktomi  Enterprise  Search’s  streamlined 
deployment  process  minimizes  both  time 
and  cost  and  quickens  the  enterprise’s  time- 
to-market.  The  technology  driving  Inktomi 
Enterprise  Search  allows  the  platform  to 
scale  to  search  millions  of  documents  across 
thousands  of  servers  in  the  most  complex 
enterprise  network  environments. 

Included  is  a  high  quality  index  and  an 
intelligent  retrieval  search  technology  that 
uses  natural  language  capabilities  and 
advanced  relevance  algorithms.  Users  enjoy 
immediate  results  without  using  complex 
syntax  or  Boolean  operations.  Queries  can 
be  submitted  in  formats  that  are  comfortable 
and  familiar  for  users — specific  phrases,  key¬ 
words  or  even  field  searches. 

Inktomi  Enterprise  Search’s  intelligent, 
real-time  content  discovery  technology  auto¬ 
matically  learns  how  enterprise  information 
changes  over  time  and  adapts  in  order  to 
maintain  the  most  current  index.  This  com¬ 
bination  of  relevance  and  freshness  ensures 
the  most  accurate  results  possible  without 
degrading  network  resources  or  requiring 
time-consuming  human  intervention. 

“This  is  a  powerful  technology,”  Gee 
says  of  Inktomi  Enterprise  Search.  “It  sup¬ 
ports  direct  indexing  of  Oracle  and  other 
ODBC  compliant  databases.  You  can  also 
completely  customize  the  platform  to  match 
the  look  and  feel  of  your  corporate  intranet 
or  public  web  site.” 

Because  of  the  global  nature  of  e-com- 
merce,  the  Yahoo!  portal  solution  with 
Inktomi  Enterprise  Search  is  designed  to 
support  a  variety  of  languages  including 
complete  grammatical  and  lexical  analysis 
capabilities  with  localized  interfaces  and  sup¬ 
port  for  Unicode  character  sets.  Inktomi’s 
XML  and  Java  API  interface  ensures  inte¬ 
gration  with  content  management  systems, 
Yahoo!  PortalBuilder  and  other  portal 
servers,  as  well  as  other  enterprise  collabora¬ 
tion  and  security  applications.  • 


Yahoo!  in  Action 

“Honeywell  chose  the  Yahoo!  Enterprise  Portal  solution  in  order  to  improve  employee  pro¬ 
ductivity  and  help  its  employees  work  more  intelligently,”  notes  David  Gee,  General  Manager 
of  Yahoo!  Enterprise  Solutions  group.  “MyHoneywell.com  was  up  and  running  in  90  days 
and  was  subsequently  rolled  out  for  use  by  about  120,000  employees  worldwide.” 

Employees  use  the  portal  to  book  their  own  travel,  e-training  such  as  management  courses, 
change  their  pension  and  other  benefit  plans,  view  payroll  and  direct  deposit  information,  and 
access  Honeywell  corporate  information  and  industry  news.  Yahool’s  global  portal  solution  pro¬ 
vides  Honeywell  with  customization  and  personalization  even  at  the  local  level.  Honeywell 
developers  use  the  portal  server’s  browser-based  administration  tools  to  quickly  customize 
default  start  pages  for  employees  in  Europe,  Asia,  the  US  and  other  offices  around  the  globe. 

Bask  Iyer,  CIO  and  VP  of  e-Business  for  Global  Business  Services  at  Honeywell,  says,  “The 
reasons  Honeywell  uses  a  Yahoo!  solution  are  that  it's  proven,  it  works,  it's  very  scaleable  and 
our  users  love  the  content.” 

In  today’s  highly  competitive  environment,  the  ability  to  integrate  and  access  informa¬ 
tion  across  departments  and  applications  on  a  worldwide  basis  is  critical.  “A  user-friend¬ 
ly  portal  such  as  Yahool’s  complete  portal  solution,  combined  with  a  powerful,  state-of- 
the-art  search  engine  like  Inktomi  Enterprise  Search,  is  a  winning  combination,”  Gee  says. 
“It’s  the  answer  to  the  challenge  of  the  high  cost  of  not  finding  information,  while  helping 
customers  realize  all  the  benefits  associated  with  tapping  the  invisible  intranet.” 


For  more  information,  please  visit:  enterprise.yahoo.com  and  www.inktomi.com. 


S  2 


ARE  YOUR 


AND  BUSINESS  STRATEGIES 

ALIGNED 


YOU  NEED  TO  GET  SMART  FAST. 


Do  you  have  a  sound  strategic  plan?  Is  it  aligned  to  busi¬ 
ness  goals?  When  and  how  do  you  develop  it?  Who 
should  be  involved?  How  do  you  keep  it  current?  Turn  to 
the  CIO  FOCUS™  on  HOW  TO  DEVELOP  AND  ALIGN  I.T. 
STRATEGY— actionable  information  created,  filtered  and 
packaged  by  the  award-winning  editors  of  CIO  magazine. 

CIO  FOCUS™  is  delivered  right  to  your  desktop,  giving  you 
immediate  access  to  the  information  you  need.  And  for  your 
future  reference  needs,  the  electronic  file  is  followed  by  a 
packaged  version,  shipped  within  72  hours.  Available  now  at 
an  introductory  price. 


CIO  FOCUS" 


STRATEGIC  GUIDES  FOR  EXECUTIVE  DECISION  MAKING 


CIO  FOCUS™ 

IT  Value:  Measurement  Tools 
and  Techniques  That  Work 

Fundamentals  of  the  CIO  Role 

Security  ASAP:  How  to  Be 
As  Safe  As  Possible 

Applied  Wireless:  Making 
Wireless  Work  in  Business 

Security  Incident  Planning: 
How  to  Prepare  to  Respond 
and  Recover 

Fundamentals  of  Enterprise  IT 


FOR  EXECUTIVE  DECISION  SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO’S  KNOWLEDGE  MARKETPLACE 

www.theCIOstore.com 


trendlines 


GOVERNMENT  I  .  T 


Hero  Wanted,  Cheap 


By  Michael  Goldberg 


“ATTENTION  CIOS:  Looking  for  an 
opportunity  to  serve  your  country  in  a 
post-9/11  world?  For  the  incredible  chal¬ 
lenge  of  defining  IT  infrastructure  that  will 
support  FBI  investigations  into  terrorism, 
espionage  and  international  crimes?” 

This  is  the  ad  the  FBI  ran  in  The  Wall 
Street  Journal.  The  $4  billion  agency  at  the 
forefront  of  homeland  defense  is  seeking  a 
successor  for  Bob  Dies,  a  career  IBM  exec¬ 
utive  who  took  the  bureau’s  top  IT  job  in 
July  2000.  Applications  closed  in  April.  It 
could  take  until  later  this  summer  to  fill 
the  post,  the  FBI  says. 

The  description  posted  on  www.fbijohs 
.com  makes  it  sound  like  Superman’s  cape 
would  be  a  good  thing  to  bring  to  the  inter¬ 
view.  To  qualify,  the  website  suggests  that 
you  be  a  proven  leader  with  financial  man¬ 


agement  know-how.  You  should  possess 
the  political  savvy  to  build  coalitions.  You 
must  manage  a  $109  million  IT  upgrade 
and  a  $59  million  IT  security  and  infor¬ 
mation  assurance  project.  , 

And  you’ll  do  all  that  for  a  salary 
between  $125,972  and  $138,200  a 
year. 

If  that  sounds  low,  that’s  simply  what 
public  servants  make  at  that  level,  according 
to  the  Federal  Office  of  Personnel  Man¬ 
agement.  CIOs  at  comparably  sized  compa¬ 
nies  such  as  MGM  Mirage,  the  casino  own¬ 
er,  and  ITormel  Foods,  maker  of  Spam 
lunch  meat,  earn  more  than  twice  as  much 
on  average  ($281,768),  according  to  a 
recent  CIO  survey. 

The  kind  of  top-flight  talent  sought  by  the 
FBI  would  earn  five  or  six  times  the  govem- 


Cy°f a  Ur 


ment  salary 
in  a  private  sector  job, 
says  Robert  McHale,  managing 
director  at  Korn/Ferry  International. 
McHale,  who  helped  the  FBI’s  recruiting 
effort,  says  low  pay  didn’t  stop  applicants. 

“Here’s  an  opportunity  for  them  to  give 
something  back  and  to  create  their  own 
legacy.  So  compensation  has  not  been  a 
major  issue,”  McHale  says. 

And,  of  course,  they  might  get  a  badge. 


HOT  TOPIC 


The  Few,  the  Proud,  the  Supply  Chain 

By  Ben  Wo rthen 


ANAGEMENT 


WAR  IS  HELL  and  so  is  supporting 
one.  Every  time  the  Marine  Corps  goes 
off  to  fight,  it  needs  soldiers  for  combat 
but  also  support  personnel  to  manage 
the  supply  chain  each  mission 
requires. 

There  are  five  components  to  battle 
support. 

Supply— getting  weapons,  ammunition  and  other  goods  to 
soldiers  in  the  field. 

Maintenance— making  sure  that  the  equipment  is 
working  properly. 

Health  services— providing  onsite  medical  attention  and 
evacuations  when  needed. 

Transportation— getting  the  troops  and  supplies  to  the 
right  place. 

General  services— mail  delivery,  for  example. 

As  recently  as  1999,  the  Corps  had  206  logistics  systems  to 
handle  those  operations.  It  is  now  in  the  process  of  a  major 
combat  supply  chain  overhaul  that  will  reduce  shipping  time 
by  approximately  50  percent,  eliminate  between  $125  million 
and  $180  million  a  year  in  inventory  costs,  and  free  up  1,800 


marines  from  logistics  duty  for  redeployment  in  the  field. 

The  Corps’  logistics  operations  were  in  shambles  during 
the  Gulf  War,  says  Sapient  Senior  Vice  President  Chris  Davey, 
who  oversees  the  supply  chain  overhaul.  “They  brought  so 
much  stuff,  and  they  didn’t  know  where  most  of  it  was.  They 
had  containers  full  of  gear  and  no  ability  to  track  it.”  Other 
inefficiencies  ate  up  time  and  money.  The  Corps  was  treating 
every  item  the  same  way  regardless  of  what  it  was.  There  was 
no  differentiation,  for  example,  between  the  process  for 
buying  weapons  and  the  process  for  buying  pencils. 

The  revamped  supply  chain  won’t  eliminate  all  legacy 
systems  right  away— the  Corps  does  have  a  limited  budget 
that  it  needs  for  operations  like  the  current  conflict— but  it  will 
replace  inefficient  processes.  Battalion-level  databases,  for 
example,  which  tracked  inventory  for  spare  parts  like  Humvee 
engines,  have  been  eliminated  and  replaced  with  databases 
that  cover  a  geographic  area.  Also,  the  Iridium  satellite 
system  owned  by  the  Department  of  Defense  is  now  being 
used  to  facilitate  the  movement  of  supply  requests  from  the 
front.  Some  of  the  supply  chain  improvements  are  already 
being  tested  in  Afghanistan.  The  rest  will  be  rolled  out  over 
time,  from  the  halls  of  Montezuma  to  the  shores  of  Tripoli. 


3  6  CIO  JUNE  15,  2  002 


www.cio.com 


EXPERIENCE 
THE  POWER  OF 

LIVEBUSINESS" 


LIVEBUSINESS 


MEAN  TO  YOU? 


RECEIVE  YOUR  COMPLIMENTARY 
LIVEBUSINESS  SOLUTIONS  KIT: 


When  your  technology  is  integrated  and  available  in  real-time,  your  organization 
can  compete  more  effectively  in  today's  economy.  DataMirror’s  LiveBusiness 
framework  is  designed  to  help  companies  across  all  industries  rapidly  and 
cost-effectively  integrate  the  different  applications,  databases  and  computer 
systems  that  drive  their  business.  When  you  connect  people  to  real-time 
information,  you  can  achieve  competitive  advantage  and  real  business  benefits 
including  increased  business  agility,  productivity  and  responsiveness  to  customers. 


WWW.DATAMIRROR.COM/UVEBUSINESS 


OVER  1,500  CUSTOMERS  USE  DATAMIRROR  SOFTWARE  TO  INTEGRATE  THEIR  DATA. 


■hhbbb 


DatzMirror 

HOW  TO  DO  BUSINESS  WITH  DATAMIRROR  THE  EXPERIENCE  OF  NOW  ™ 

WWW.DATAMIRROR.COM  1  800  362  5955 

Copyright  ©  2002  DataMirror  Corporation.  All  rights  reserved.  DataMirror.  LiveBusiness  and  The  experience  of  now  are  trademarks  or  registered  trademarks  of  DataMirror  Corporation. 

All  other  brand  or  product  names  are  trademarks  or  registered  trademarks  of  their  respective  companies. 


- trendlines - 

Washington  Watch 

V _ x  Edited  by  Janice  Brand 


Doom  for  the  NIPC? 


IN  LATE  MARCH  ,  rumors  surfaced  that 
FBI  Director  Robert  Mueller  was  on  the 
verge  of  dismantling  the  National  Infra¬ 
structure  Protection  Center  (NIPC),  which 
has  been  the  government’s  primary  criti¬ 
cal  infrastructure  threat  assessment  and  re¬ 
sponse  unit  since  its  founding  in  February 
1998.  NIPC  spokeswoman  Debra  Weier- 
man  insists  that  rumors  of  the  center’s 
demise  have  been  greatly  exaggerated. 
However,  Mueller’s  April  2  appointment 
of  Larry  Medford — former  head  of  the 
FBI’s  San  Francisco  field  office,  which  just 
completed  a  two-year  undercover  counter¬ 
feit-software  sting — as  assistant  director 
in  charge  of  a  newly  created  Cyber 
Division,  casts  the  NIPC’s  future  as  we 
know  it  in  doubt. 

The  Cyber  Division’s  charter  is  vague. 
An  FBI  press  release  says  that  the  division 
will  “supervise  and  facilitate  the  FBI’s 
investigation  of  federal  violations  in  which 
the  Internet,  computer  systems  and  net¬ 
works  are  exploited  as  the  principle  instru¬ 
ments  or  targets  of  criminal  activity.”  Even 
a  spokesperson  admits  that  the  new 
group’s  role  isn’t  fully  resolved. 

Critics,  including  Sen.  Charles  Grassley 
(R-Iowa),  interpret  the  Cyber  Division’s 
charter  to  mean  that  it  will  be  put  in 
charge  of  the  NIPC,  a  move  that  could 
prove  fatal  to  the  government  and  private 
sector  collaboration  that  the  NIPC  was 
formed  to  foster.  The  new  division  is 
clearly  intended  to  be  a  law  enforcement 
organization — it’s  even  listed  under  the 
bureau’s  criminal  investigations  wing.  In 
a  letter  to  Mueller,  Grassley  warned  that 
burying  the  NIPC  deeper  within  the  FBI’s 
crime  fighting  bureaucracy  would  threaten 
the  already-fragile  trust  between  the  cen¬ 
ter  and  the  private  sector,  which  controls 
90  percent  of  the  nation’s  critical  infra¬ 
structure.  Companies  are  already  wary  of 


ON  MARCH  7,  the  Los  Angeles  Times 
reported  that  the  Department  of  Defense 
(DOD)  planned  to  ban  foreign-born  IT 
professionals  from  working  on  sensitive 
projects  by  midsummer.  The  controver¬ 
sial  policy  prompted  Information 
Technology  Association  of  America 
(ITAA)  President  Harris  Millerto  write  a 
letter  to  DOD  Undersecretary  for 
Acquisition,  Technology  and  Logistics 
Edward  Aldridge  expressing  his  concern. 

“Public  policy  must  be  based  on  real- 
world  actions  and  tangible  threats— not 
supposition  and  innuendo,"  wrote  Miller. 
In  a  press  time  interview,  Miller  told  CIO 
that  since  his  letter,  the  timetable  for  the 
ban  has  been  pushed  back,  but  that  as 


sharing  security  breaches,  he  writes,  and 
could  respond  by  cutting  off  the  flow  of 
infrastructure  information  to  the  FBI. 

The  creation  of  the  Cyber  Division  has 
other  ramifications  for  the  private  sector 
as  well.  Ari  Schwartz,  an  analyst  for  the 
Washington,  D.C. -based  Center  for  De¬ 
mocracy  and  Technology,  says  that  there 
will  now  be  more  agents  to  process  cyber¬ 
crime  information — a  classic  double-edge 
sword.  “The  upside  is  that  there  are  more 
resources  to  fight  crime,”  says  Schwartz. 
“The  downside  is  more  people  working 
without  oversight.  The  USA  Patriot  Act 
[the  omnibus  antiterror  legislation  that 
sailed  through  Congress  in  the  wake  of 
Sept.  11]  has  a  lot  of  demands  on  the  pri¬ 
vate  sector  that  were  not  well  debated. 
There  are  companies  that  will  be  very  sur¬ 
prised  when  the  FBI  comes  knocking  on 
their  door,  which  they  now  have  the 
resources  to  do.”  -Ben  Worthen 


far  as  he  knows  the  DOD’s  intentions 
haven't  changed. 

Miller  feels  that  the  ban,  which  has  yet 
to  be  debated  publicly,  would  be  a  blow  to 
small  to  midsize  IT  shops.  The  ban  would 
cover  all  foreign-born  employees,  Indian 
programmers  on  Hl-B  visas  and 
Canadian-born  U.S.  residents  alike. 

"It’s  inconvenient,  but  a  big  company 
can  shift  its  workers  around,”  says  Miller. 
However,  the  implication  is  severe  “if  you 
are  a  small  or  medium-size  business  and 
10  percent  of  your  workforce  is  foreign," 
he  says. 

One  thing  is  clear  to  Miller,  however. 
“The  slower  track  is  definitely  good  news," 
he  says.  - B.W . 


Paranoia  or  Prudence? 
Banning  Foreign  Workers 


3  8  CIO  JUNE  15,  2002 


www.cio.com 


PHOTO  BY  AP/WIDE  WORLD  PHOTOS 


FILE  UNDER  :  DATA  PROTECTION 


How  safe  is 

(Really.) 


'An  enterprise  cannot  become  resilient  unless  it  can  effectively 
operate  a  backup-and-restore  method  for  all  of  its  user 
workstations  -  in  the  offices,  mobile  and  remote. 

Continuous  backup,  and  the  ability  to  restore  anywhere  and 
anytime,  is  fundamental  not  only  as  a  convenience  to 
the  individual  user,  but  to  the  survival  of  the  business. 

The  great  majority  of  tools  for  backup  and  restore  are  based  on 
the  erroneous  assumption  that  the  user  will  have  constant 
access  to  a  high-speed  LAN. 

Best  Practices  for  Mobile  Workforce  Information  Backup, 

John  Girard,  Gartner  Research,  QA,  Dec  2001 


With  Connected  TLM™,  you  can  securely  protect, 
and  restore  your  data-in  the  office  or  over  the  Internet— 

anytime,  anywhere. 


CONNECTED 


DATA  SAFE. 
PCs  UP. 
COSTS  DOWN. 


Meet  Gary  Beach 

CXO  Media  Inc. 


CIO  magazine  &  Connected  Executive  Event  Series: 
www.connected. com/events/CIO 


DEPLOYED 


DOWNLOAD 


By  400  corporations,  including  Amgen,  Citgo,  Deutsche  Banc, 
Fidelity,  Hewlett-Packard,  Lockheed  Martin,  Schlumberger, 
Toyota,  Tyco,  U.S.  Army,  U.S.  Postal  Service  and  VISA 
To  find  out  more  call  1  800  934  0956 

Get  the  full  story  on  Connected  from  Gartner 
www.connected.com/gartner_bestpractices 


500 


©2002  CONNECTED  CORPORATION.  CONNECTED  AND  CONNECTED  TLM,  ARE  TRADEMARKS  OF  CONNECTED  CORPORATION.  ALL  OTHER  MARKS  ARE  PROPERTY  OF  THEIR  RESPECTIVE  OWNERS 


©  5002  SAP  AG.  SAP  and  the  SAP  logo  are  registered  trademarks  of  SAP  AG  in  Germany  and  several  other  countries. 


It  takes  money  to  make  money.  But  not  nearly  as  much  as  you'd  think.  SAP  and 
its  partners  —  all  with  industry  expertise  —  offer  affordable,  scalable,  industry- 
specific  solutions  that  can  help  make  any  size  company  more  productive  and 
efficient.  So  you  can  automate  your  operations,  provide  better  customer  support 
and  leverage  important  data.  And  because  our  SMB  solutions  can  be  up  and  running 
in  as  little  as  three  months,  ROI  comes  sooner  rather  than  later.  Especially  if  you 
call  800  880  1727  or  visit  sap.com/smb  (sooner  rather  than  later). 


THE  BEST-RUN  E-BUSINESSES  RUN  SAP 


Net  Gains 

Creating  Value  Online 


Profit  from 
Transparency 

Should  your  customers  compare  prices,  post  opinions 
and  pit  you  against  your  competitors?  Absolutely. 

BY  MOHANBIR  SAWHNEY 


THE  INTERNET  HAS  USHERED  in  the  age  of  information  democracy  by 
shifting  the  balance  of  power  toward  customers.  Nowadays, 
customers  can  compare  prices  through  shopping  engines  such 
as  DealTime  and  PriceGrabber.com.  They  can  pit  sellers  against 
each  other  through  reverse  auction  services  like  FreeMarkets. 
And  they  can  get  unbiased  feedback  on  products  and  services 
through  third  parties  like  Amazon.com,  BizRate.com  and 
CNet.  Information  transparency  is  here  to  stay. 

Transparency  is  a  good  thing  for  customers,  but  it  seems  to 
threaten  suppliers.  One  of  my  favorite  questions  for  executives 
is:  If  your  customers  knew  everything  about  your  products, 
your  costs,  your  prices  and  your  competitors’  offerings,  would 
you  be  better  off?  Judging  from  the  uncomfortable  silences  I 
usually  encounter  in  response,  most  executives  believe  that 
transparency  is  an  enemy  of  profit.  Their  reasoning:  Customers 
will  take  advantage  of  better  information  to  drive  down  prices 
and  profit.  Harvard  Business  School’s  management  guru 
Michael  Porter  echoes  that  thought.  “The  great  paradox  of 
the  Internet,”  he  says,  “is  that  its  very  benefits — making  infor¬ 
mation  widely  available;  reducing  the  difficulty  of  purchasing, 


marketing  and  distribution;  and  allowing  buyers  and  sellers  to 
find  and  transact  business  with  each  other  more  easily — also 
make  it  more  difficult  for  companies  to  capture  profits.” 

But  is  transparency  always  a  threat  to  profit?  Will  it  set  off 
a  spiral  of  lower  prices,  intensified  competition  and  commodi¬ 
fied  products?  Not  necessarily.  I  believe  that  transparency  can  be 
good  for  profit.  To  profit  from  transparency,  companies  need 
to  understand  two  key  principles  about  customer  decision  mak-  * 

ing.  First,  customers  never  buy  solely  on  price,  even  though  3 

■< 

companies  might  think  they  do.  Second,  prices  may  be  trans-  ^ 

00 

parent  to  customers,  but  value  often  remains  opaque.  By  mak-  3 
ing  their  value  propositions  visible  to  customers,  companies  ? 
can  benefit  from  the  democratization  of  information. 

O 

I  recently  participated  in  a  conversation  between  the  CEO  5 

Q : 

of  a  midsize  pharmaceutical  manufacturer  and  a  supplier  of  | 
plastics  who  was  trying  to  get  the  pharmaceutical  company  to  ^ 


4  2 


CIO  JUNE  15,  2  002 


\Nww.c\o.com 


IBM  LIFE  SCIENCES  AND  OUR  BUSINESS  PARTNERS  OFFER  SERVER  AND  STORAGE 
SOLUTIONS  TO  HELP  ACCELERATE  GENOMIC  AND  PROTEOMIC  RESEARCH  AND 
DRUG  DISCOVERY. 

IBM  (©server  Solutions.  From  the  high-performance  IBM  (©server  pSeries  690  to  the  IBM  (©server 
Cluster  1300  running  Linux,  IBM  servers  deliver  self-managing  technology  that  allows  multi-platform 
accessibility  and  the  flexibility  to  select,  build  and  deploy  a  range  of  applications. 

IBM  TotalStorage  Products.  IBM  offers  the  broadest  portfolio  of  high-performance  storage 
products  -  tape,  disk,  storage  networking  and  management  software  -  designed  to  provide  high 
availability  and  an  open,  scalable  and  flexible  infrastructure  for  growing  data-intensive  environments. 


To  get  a  free  “Protein  Folding”  screensaver,  visit  ibm.com/solutions/lifesciences/servers6 


Net  Gains 


switch  to  plastic  bottles  instead  of  glass.  Plastic  bottles  seem  to 
be  as  close  to  a  commodity  as  one  could  imagine.  Naturally, 
the  conversation  began  with  the  pharmaceutical  CEO  asking 
if  plastic  bottles  were  cheaper.  Being  a  good  marketer,  the  plas¬ 
tics  manufacturer  pointed  out  that  the  price  of  the  bottle  should 
not  be  the  sole  focus  of  attention.  First  of  all,  he  said,  plastic 
weighs  less  than  glass,  so  the  transportation  costs  for  the  drug 


There  are  two  key  principles  about  customer 
decision  making.  First,  customers  never  buy 
solely  on  price.  Second,  prices  may  be  transparent, 
but  value  often  remains  opaque. 


company  would  be  lower.  Second,  plastic  is  not  as  fragile,  so  the 
breakage  loss  would  be  lower.  Third,  plastic  bottles  would  save 
on  labeling  cost  because  labels  could  be  imprinted  directly. 
Fourth,  being  a  local  supplier,  the  plastics  manufacturer  would 
deliver  more  frequently  in  smaller  batches,  resulting  in  reduced 
inventory  holding  cost.  On  the  negative  side,  the  production  line 
would  run  somewhat  slower  with  plastic. 

As  the  conversation  progressed,  it  became  evident  that  the 
drug  company’s  value  equation  for  packaging  included  a  num¬ 
ber  of  considerations  besides  price.  After  accounting  for  variable 
costs,  such  as  inventory,  breakage,  logistics  and  line  efficien¬ 
cies,  the  plastic  bottles  would  be  a  better  value  even  at  a  higher 
price.  The  moral:  There  is  no  such  thing  as  a  true  commodity. 

While  suppliers  should  make  their  value  propositions  trans¬ 
parent  to  customers,  customers  are  also  realizing  that  it  is  in 
their  interest  to  make  their  value  equations  transparent  to  sup¬ 
pliers.  I  spoke  with  a  purchasing  executive  from  a  petroleum 
company  about  reverse  auctions.  Suppliers  tend  to  hate  them 
because  large  buyers  use  auctions  to  beat  competing  suppliers 
down  on  price,  leaving  the  winners  with  a  Pyrrhic  victory.  The 
purchasing  executive  said,  “We  provide  all  bidders  in  our 
reverse  auction  with  the  formula  we  use  to  weigh  variables 
among  competing  suppliers.  With  this  information,  suppliers 
are  able  to  make  trade-offs  among  price  and  nonprice  vari¬ 
ables  as  they  participate  in  the  auction.”  In  that  case,  trans¬ 
parency  is  good  for  suppliers  who  have  superior  value  propo¬ 
sitions,  even  if  their  prices  aren’t  the 

cio.com _  _ !  lowest. 

The  key,  then,  to  profiting  from 
transparency  is  to  sell  on  value, 
which  involves  three  key  steps. 

1.  Understand  what  customers  really 
value.  The  pharmaceutical  company 


Are  you  ready  for  trans¬ 
parency?  Let  us  know  at 

CIO  READER  POLL  at 

www.cio.com/readerpoll. 


mentioned  really  cared  about  the  total  cost  of  producing,  pack¬ 
aging,  shipping  and  promoting  their  drugs.  The  CEO  of 
Freightliner,  a  truck  manufacturer,  noted  that  customers  don’t 
want  to  just  buy  trucks.  They  care  about  “keeping  ’em  rolling.” 
That  insight  spurred  Freightliner  to  offer  a  diagnostics  service 
for  its  trucks  that  predicts  breakdowns,  and  a  speedier  process  for 
delivering  parts.  You  may  find  that  the  product  cost  is  a  small 
component  of  the  customer’s  total  costs, 
and  that  price  is  only  one  of  many  vari¬ 
ables  that  customers  should  consider. 

2.  Develop  flexible  market  offerings. 
No  company  can  satisfy  all  customer  seg¬ 
ments  with  the  same  offering.  To  cater  to 
different  segments,  companies  need  to  cre¬ 
ate  what  Jim  Andersen,  my  colleague,  calls 
“flexible  market  offerings.”  These  are  bun¬ 
dles  of  products,  services  and  information 
that  customers  can  configure  and  customize  to  suit  their  priorities. 
I  often  find  that  companies  bundle  services  with  their  products 
as  value-added  services.  The  problem  is  that  not  all  customers 
value  all  the  services.  A  software  customer  who  has  a  strong  IT 
organization  may  not  value  support  as  much  as  another  customer 
who  relies  more  on  outsourced  11"  support.  Allow  customers  to 
choose  the  services  they  value  and  to  pay  for  only  what  they  use. 

3.  Communicate  your  value  proposition.  You  need  to  edu¬ 
cate  customers  about  the  elements  of  your  value  proposition. 
Customers  often  may  not  even  know  what  variables  they  ought 
to  be  thinking  about  and  how  you  stack  up  against  competitors. 
Internal  communication  is  equally  important.  The  sales  organ¬ 
ization  will  tend  to  use  price  as  its  only  competitive  weapon  if 
it  doesn’t  really  understand  the  company’s  value  proposition. 
Obviously,  the  sales  force  has  to  be  able  to  quantify  the  eco¬ 
nomic  benefits  of  nonprice  variables. 

By  following  those  steps,  companies  that  truly  provide  bet¬ 
ter  value  will  profit  from  transparency — they’ll  move  the 
conversation  with  customers  away  from  price  to  value.  So, 
transparency  is  not  necessarily  an  enemy  of  profit.  But  it  is  an 
enemy  of  profit  based  on  customer  ignorance.  The  sobering 
question  you  need  to  ask  yourself  is,  Is  an  informed  customer 
really  a  better  customer  for  my  company?  If  the  answer  is  yes, 
you  should  embrace  transparency  by  making  your  value  propo¬ 
sition  explicit  to  your  customers.  If  the  answer  is  no,  you  need 
to  find  another  way  to  make  a  living.  HP1 


How  well  do  you  know  your  customers?  Let  us  know  at 
netgains@cio.com.  Mohanbir  Sawhney  is  the  McCor¬ 
mick  Tribune  professor  of  e-commerce  and  technology 
at  Northwestern  University's  Kellogg  School  of  Man¬ 
agement  and  a  fellow  at  DiamondCluster  International. 
He  can  be  reached  at  mohans@nwu.edu. 


4  4 


CIO  JUNE  15,  2002 


www.cio.com 


c 


THE  STRAIGHT  GOODS  ON  APPLICATION  SERVERS. 


"WE'RE  MORE 
J2EE  THAN  THE 
OTHER  GUYS." 

We  hear  this  one  a 
lot.  We  assure  you  it 
is  complete  nonsense. 
You're  J2EE  compatible 
or  you're  not.  It's  not  a 
sliding  scale.  It's  simply 
either/or.  Yes  or  no.  It's 
an  utterly  and  totally 
binary  situation. 


can  only  effectively  cluster  in  one 
place  at  a  time.  Smart  thinking  until 
an  unexpected  power  outage  brings 
down  your  call  center's  data  systems. 
Others  say  you  can  cluster,  but  only 
one  operating  system  at  a  time. 
Which  means  you  can  never  throw 
an  NT  box  into  a  Unix  cluster  or 
vice  versa.  We  beg  to  differ  on  both 
counts.  EAServer  lets  you  cluster 
any  way  your  e-Business  demands. 


“AN  APP  SERVER  IS  ALL 
YOUR  e-BUSINESS  NEEDS. 


Pure  delusion.  True,  an  app  server 
can  be  thought  of  as  the  integration 
engine  driving  your  e-Business. 


But,  it's  still  just  one  component  of 
your  e-Business.  And  just  one.  Let's 
not  forget  the  development  tools,  the 
adapters,  DBMS  solutions,  wireless 
servers  and  a  host  of 
other  components.  And 
here's  the  crunch:  the 
ability  to  integrate  them. 

Anything  less  simply 
won't  carry  you  into  the 
future.  Sybase  provides 
all  these  components. 

Of  course,  EAServer 
runs  as  the  integration 
engine  unifying  these 
components  into  your 
company's  infrastructure. 


Avoiding  the  horror  of  this  is  one  of 
the  very  best  arguments  in  favor  of 
Sybase  EAServer. 


Not  only  do  we  guarantee  that  we 
will  make  all  of  your  systems  work 
together,  well  show  you  how  you  can 
migrate  to  your  new  technologies 
without  disrupting  your  current 
information  systems.  Or  your  business. 
Absolutely  no  pain.  Lots  of  gain. 


"OUR  BENCHMARKS 
MIRROR  YOUR 
REALITY." 


What  happens  in  a 
carefully  set-up  study  to 
prove  a  marketing  claim 
is  the  marketing  claim 
gets  proven.  It's  not 
rocket  science. 

We  do  benchmarks, 
too.  We  just  got  some 
back  that  say  our 
application  server 
is  faster  than  the 
best-selling  app  server 
in  the  business-to- 
consumer  market. 
Surely,  real-world 
performance 
measurements,  not 
contrived  marketing 
benchmarks,  are  more 
important  to  running 
your  real-world  business. 
Let's  talk. 


For  the  record,  EAServer 
is  J2EE  compatible.  In  fact,  we  were 
among  the  very  first  application  servers 
to  be  certified.  We  also  support  C  and 
C++,  COM,  CORBA,  and  of  course,  our 
own  PowerBuilder. 

You  won't  find  more  comprehensive 
support  for  the  leading  technologies 
and  applications  most  prevalent  in 
e-Business  today. 

"CLUSTERING  WORKS  BUT  ONLY  IN 
ONE  PLACE  AT  A  TIME." 

Any  true  24x7  e-Business  depends 
upon  availability.  And  the  most 
certain  way  to  ensure  availability  is 
with  clustering.  Now,  some  say  you 


Even  if  that  involves  the  clustering  of 
two  different  operating  systems  in  two 
different  geographical  locations. 

"IT'S  OUR  WAY  OR  THE  HIGHWAY." 

This  is  usually  couched  in  somewhat 
softer  terms.  Something  like  this: 
"Let’s  start  fresh.  Get  rid  of 
everything  you've  got.  Make 
the  switchover  to  our 
stuff.  And  welcome 
to  the  New  World." 

What  this 
always  translates 
into  is  one  great, 
ugly  and  brutish 
migration  nightmare. 


SYBASE  e-BUSINESS  SOFTWARE. 
BECAUSE  EVERYTHING  WORKS  BETTER  WHEN 


GET  THE  WHOLE  TRUTH.  OR 
AT  LEAST  OUR  SIDE  OF  THE  STORY. 

We  believe  EAServer  deserves  your 
full  consideration.  We  won't  stretch 
or  distort  facts  to  convince  you  of 
our  viewpoint.  But  we  would  like  to 
give  you  all  the  arguments  in  favor 
of  our  case. 

Visit  www.sybase.com/truth.  Or  you 
can  call  1-800-8-SYBASE.  And  thanks 
for  letting  us  clear  the  air. 


B 


i  Sybase 


Information  Anywhere' 


EVERYTHING  WORKS  TOGETHER." 


2002  Sybase,  Inc.  All  rights  reserved.  All  trademarks  are  the  property  of  their  respective  owners. 


)udgets  have  always  been  the  toughest  part  of  your  job.  But  you  now  find  those  skills  being  tested 

like  never  before  when  challenged  to  reduce  infrastructure  costs  without 
risking  your  long-term  business  objectives. 

HP  Services  can  help:  thousands  of  infrastructure  management 
specialists  who  have  provided  IT  operations  for  hundreds  of  companies 
around  the  world.  People  who  work  with  you  to  address  virtually  every 
aspect  of  managing  your  infrastructure.  From  streamlining  operations  to 
reducing  overhead  to  simplifying  processes.  All  while  ensuring  that  the 
solution  is  flexible  enough  to  evolve  with  your  changing  needs. 

That's  because  our  outsourcing  solutions  always  start  with  you  — 
your  issues,  your  challenges,  your  opportunities.  So  we  can  easily  take 
on  entire  operations  or  parts  of  operations  depending  on  the  specific 
business  goals  you  hope  to  achieve. 

HP  infrastructure  solutions  are  engineered  for  the  real  world 
of  business.  Because  the  last  time  we  checked,  that's  where  we  all  work. 
Call  1.800. HPASKME,  ext.  246.  Or  visit  www.hp.com/go/infrastructure. 

Infrastructure:  it  starts  with  you. 


invent 


Peer  to  Peer 

Field-Tested  Ideas  from  CIOs  for  CIOs 


v 


Step  Up 
and  Lead 


Today  the  CIO  role  can  be  as  big  as  you  want  it  to  be 


BY  JOHN  J.  CIULLA 


WHEN  I  FIRST  JOINED  the  elite  ranks  of  the  basement  dwellers  back 
in  1981,  the  term  CIO  didn’t  even  exist.  In  fact,  we  didn’t  even 
use  the  term  information  technology — first  it  was  data  pro¬ 
cessing,  then  it  was  management  information  systems  (MIS). 
And  looking  back,  it  seems  like  we  really  did  spend  an  awful 
lot  of  time  down  in  the  basement,  just  trying  to  keep  our  net¬ 
work  up  and  running. 

Even  in  1993,  when  I  landed  my  first  CIO  gig  at  Entex,  our 
infrastructure  gave  me  many  sleepless  nights.  I  was  constantly 
worrying  about  uptime  and  putting  out  fires.  Granted,  it  was 
my  first  time  performing  the  CIO  role,  but  it  seemed  like  I  just 
never  had  a  chance  to  take  off  the  pocket  protector  and  become 
a  part  of  the  culture  of  my  company. 

Yet  while  I  may  not  have  been  able  to  feel  it  at  the  time,  by 
then  a  transformation  was  beginning,  and  technology  was  start¬ 
ing  to  catch  up  to  the  speed  of  business.  Today  the  systems 
and  management  tools  out  there  are  so  good  that  to  say  I  have 
nearly  100  percent  uptime  doesn’t  seem  like  much  of  an  accom¬ 
plishment.  Uptime  today  is  like  dial  tone — you  simply  expect 
it  to  be  there.  These  days  I  spend  less  than  50  percent  of  my  time 

48  CIO  JUNE  15,  2002  •  www.cio.com 


on  the  traditional  CIO  task  of  managing  information  systems. 
But  I’m  busier  than  ever. 


A  Strategic  Player 

We  all  know  that  the  role  of  the  chief  information  officer  is 
dramatically  different  now  from  what  it  was  10  years  ago  or 
even  two  years  ago.  Today’s  CIO  has  moved  out  of  the  base¬ 
ment  and  into  the  boardroom,  becoming  a  key  figure  in  pur¬ 
chasing  decisions,  operational  strategy,  even  marketing  and 
sales.  Whether  we’re  creating  the  next  killer  app  to  keep  our 
company  one  step  ahead  of  the  competition  or  strategizing 
with  the  marketing  group  about  how  to  appeal  to  other  IT  deci¬ 
sion  makers,  today  the  CIO  is  a  vital  piece  of  any  company’s 
strategic  puzzle.  The  question  is,  how  do  we  convince  our  busi¬ 
ness  peers  of  that? 

For  me  it  all  began  to  change  during  my  second  stint  as  a  CIO, 


ILLUSTRATION  BY  OLEG  KOULIKOV 


Innovative  ways  that  let  you  target  new  customers,  keep  existing  ones 
and  be  the  business  everyone  is  talking  about. 

Eagle  symbol  is  a  registered  trademark  of  the  United  States  Postal  Service.  ©2002  United  States  Postal  Service  WWW.USpS.COm/direCtmai  I 


I 


UNITED  STATES 


POSTAL  SERVICE 


Peer  to  Peer 


at  Tivoli  Systems.  I  was  more  comfortable  with  the  challenges 
of  the  position  by  then,  and  the  technology  was  already  reliable 
enough  to  free  me  up  for  some  actual  management  work. 

I  began  to  look  at  my  IT  department  as  an  organization  in 
and  of  itself.  After  all,  we  had  an  infrastructure.  We  developed 
products.  We  had  a  plan  and  a  strategy.  We  had  to  align  our¬ 
selves  with  the  needs  of  our  internal  customers.  The  only  thing 
we  were  lacking  was  a  marketing  and  sales  component.  So  we 
decided  to  create  one  and  promote  our  organization  within 
the  company. 

We  began  a  series  of  three  six-month  campaigns  to  reach 
out  from  our  IT  group  to  the  rest  of  the  company  with  some¬ 
thing  that  everyone  could  relate  to.  Our  slogan  for  the  first  cam¬ 


paign  was,  “We’re  All  in  the  Same  Boat,”  and  to  kick  it  off, 
we  painted  a  canoe  with  Tivoli  colors,  filled  it  with  ice  and 
beer,  and  presented  it  to  the  rest  of  the  company  at  a  Friday 
afternoon  beer  bash.  During  the  next  months  we  put  up  posters 
to  generate  awareness  and  excitement  for  the  follow-up  cam¬ 
paigns — “Row  the  Boat”  and  “Win  the  Race.” 

In  the  end  those  campaigns  were  a  huge  success  for  us,  and 
they  really  helped  the  people  in  my  division  feel  like  they  were 
part  of  something  unique.  The  effort  brought  us  together  as  a 
team,  and  in  the  mid-1990s,  happy  employees  were  a  major 
business  imperative. 

But  the  campaigns  were  also  for  the  folks  outside  the  IT 
department.  The  effort  got  people  from  all  over  the  orga¬ 
nization  to  notice  who  we  were  and  what  we  stood  for  within 
the  company.  I  soon  found  that  not  only  were  members  of  my 
team  more  satisfied  with  their  jobs,  but  I  started  getting  in¬ 
vited  to  lead  other  initiatives  beyond  IT,  eventually  heading  up 
the  company’s  leadership  and  communications  task  force  and 
some  other  cool  activities  outside  of  the  traditional  CIO  role. 
My  responsibility  grew,  and  thus  I  began  reporting  directly  to 
the  CEO. 

Now,  not  every  corporate  culture  would  allow  an  executive 
to  tote  a  canoe  full  of  beer  into  a  Friday  afternoon  gathering, 
but  our  campaign  at  Tivoli  was  just  one  example  of  how  today’s 
CIO  is  more  than  the  alpha  geek. 

Chief  information  officers  today  are  true  C-level  executives, 
and  as  such  they  are  being  asked  to  display  real  business  skills 
and  strategic  insights  that  can  benefit  the  company  as  a  whole. 
The  opportunities  for  CIOs  to  provide  new  kinds  of  value  for 


their  businesses — and  enhance  their  own  careers  in  the  pro¬ 
cess — are  greater  than  ever  before. 

Running  the  Business 

Today  at  Vignette,  I’m  involved  in  many  aspects  of  the  com¬ 
pany  outside  of  IT.  Since  Vignette  is  a  software  maker,  my  IT 
department  is  not  only  creating  the  next  killer  app  to  drive  our 
CRM  systems  forward,  but  we’re  using  our  own  software.  That 
in  turn  helps  our  sales  guys  go  out  and  prove  to  the  world  that 
what  we’re  selling  works. 

On  the  other  hand,  as  a  CIO,  I’m  constantly  getting  spammed 
by  solicitations  from  other  software  companies.  Most  of  these 
e-mails  and  letters  are  ineffective  for  one  reason  or  another,  and 

I  end  up  deleting  dozens  of  them  every 
week.  I’ve  started  talking  to  our  market¬ 
ing  folks  about  why  that  is — I  am,  after 
all,  the  spammers’  target  audience.  By 
all  accounts  my  experience  has  proven 
invaluable  to  our  marketing  staff,  and  I 
now  meet  regularly  with  them  to  strate- 
gize  and  offer  feedback  on  their  ap¬ 
proach  for  our  company.  Similarly,  I’ve  used  some  of  my  own 
contacts  within  the  CIO  world  to  help  our  sales  guys  get  a  foot 
in  the  door. 

The  extra  activities  have  continued  to  grow  to  the  point 
where  I’m  now  running  around  quite  a  bit.  Last  week  I  was 
on  the  East  Coast  meeting  with  major  client  prospects.  Next 
week  I’m  off  on  another,  similar  junket.  It’s  hectic  but  chal¬ 
lenging,  and  very  rewarding.  I’m  helping  to  run  a  business  at  the 
highest  level.  It’s  hard  to  believe  this  is  the  same  job  I  had  at 
Entex  nearly  10  years  ago.  Today  I’m  all  over  our  company 
and  all  over  the  country.  Back  then,  I  was  in  the  basement. 

It’s  partly  that  technology  itself  has  come  so  far — it’s  more 
reliable  and  more  valued  companywide.  But  it’s  also  largely 
because  I  made  a  conscious  effort  to  step  out  of  the  CIO  mold 
and  lead  my  organization. 

The  role  of  the  chief  information  officer  is  changing  in  many 
ways,  and  that’s  due  at  least  in  part  to  the  fact  that  we  are 
changing  it.  There’s  been  a  shift  in  perception  that’s  opened 
the  door  for  all  of  us  to  expand  our  responsibilities  and  our 
careers.  Maybe  you  won’t  end  up  wooing  the  company  with  a 
canoe  full  of  beer,  but  with  the  business  skills,  experience  and 
insight  that  CIOs  possess  today,  there  are  endless  opportuni¬ 
ties  for  you  to  bring  new  value  and  new  leadership  to  any 
organization.  BE] 


John  J.  Ciulla  is  chief  information  officer  at  content 
management  provider  Vignette  Corp.,  headquartered 
in  Austin,  Texas.  He  can  be  reached  via  e-mail  at 
jciulla@vignette.com. 


It’s  hard  to  believe  this  is  the  same  job  I  had  nearly 
10  years  ago.  Today  I’m  all  over  our  company  and  all 
over  the  country.  Back  then,  I  was  in  the  basement. 


5  0  CIO  JUNE  15,  2002 


www.cio.com 


f 


It’s  not  about  whether  you’re 
connected  or  how,  but  to  what 


degree. 


Welcome  to  one 


Welcome  to  business  with  .NET.  Another  day  of  business 
means  another  day  of  relentless  change.  As  an  IT  professional, 
you’re  charged  with  connecting  your  systems,  applications, 
and  people  in  a  way  that  delivers  the  flexibility  and  agility 
your  enterprise  needs  to  meet  the  pace  and  scale  of  change. 
At  the  same  time,  you’re  expected  to  do  more  with  less. 

Yet,  most  applications  and  databases  don’t  talk  to  each 
other  and  your  data  sits  locked  in  rigid,  proprietary  systems. 

What  you  need  is  a  way  to  extend  your  infrastructure 
that  can  compress  the  time  and  space  between  people  and 
information,  leaving  just  one  degree  of  separation.  That’s 
business  with  .NET  connected  software  from  Microsoft. 


Microsoft  is  a  member  of  the  Web  Services  Interoperability 
Organization,  an  open  industry  effort  to  promote  Web  services 
interoperability  across  platforms,  applications,  and  programming 
languages.  To  learn  more  about  WS-I,  its  mem-  _  ,  _ 

bers,  and  its  implementation  tools,  visit  ws-i.org  fV  w 


degree  of  separation 


XML  Web  services  will  take  you  there.  The  next 
evolution  of  business  on  the  Web  is  here.  XML  Web  services 
offer  programmable  and  reusable  technologies  that  leverage 
the  flexibility  of  the  Internet.  Now  you  can  have  constellations 
of  connected  applications  running  on  multiple  platforms 
delivering  information  to  all  your  customers,  businesses,  and 
employees.  And  the  best  way  to  build  and  deploy  XML  Web 
services  is  with  .NET  connected  software  from  Microsoft. 

.NET  connected  software  ties  it  all  together. 

XML  Web  services  are  based  on  a  set  of  common  open 
standards  including  XML,  SOAP,  WSDL,  and  UDDI,  as  defined 
by  the  World  Wide  Web  Consortium  (W3C).  Working  with 
Microsoft®. NET  connected  software  means  using  industry- 
standard  protocols  that  unify  your  legacy  code,  systems,  and 
applications  and  unlock  their  value.  Finally,  your  enterprise 
can  act  as  a  single  interoperable  whole. 

Delivering  a  clear  path  from  code  to  client. 

Many  promise  a  path  to  XML  Web  services,  but  only  .NET 


connected  software  from  Microsoft  offers  you  a  complete 
set  of  tools,  servers,  and  applications  for  transforming  your 
business  using  your  existing  infrastructure.  One  software 
solution  takes  you  all  the  way  from  code  to  client. 

“If  one  word  best  represents  the  past  year’s  most  significant  news 
story  in  software  development,  it  would  be  .NET.  If  you  were  to 
look  for  two  words^they  would  be  ‘Web  services.”’ 

— SD  Times,  “Web  Services,  .NET Highlight  2001,”  Alan  Zeichick,  1/1/2002 


All  you  need  to  create  and  use  XML  Web  services: 

•  Microsoft  Visual  Studio® .NET  and  the  .NET 
Framework— the  tools  to  build  them 

•The  Microsoft  Windows®  Server  Family— the 
platform  on  which  to  run  them 

•  .NET  Enterprise  Servers— the  application  servers 
to  deploy  them 

•  Microsoft  Office  XP  and  the  Office  XP  Toolkit— the 
applications  in  which  to  experience  them 


INFRASTRUCTURE 


i 


pipe  dream  and  pipeline. 


Where  your  CEO’s  vision  meets  IT  reality.  It’s  one 
thing  to  map  out  the  future.  It’s  quite  another  to  unlock  the 
value  in  your  infrastructure  that  will  get  you  there.  Fortunately, 
XML  Web  services  built  with  .NET  connected  software  make 
it  a  lot  easier  to  connect  the  code  and  systems  you  already 
have  to  each  other— and  to  the  new  stuff  you  need. 

You  don’t  rip  out  or  replace  legacy  systems.  But  you  do  bring 
new  capabilities  and  flexibility  to  your  existing  systems  that 
allow  you  to  leverage  your  investments  far  into  the  future. 

Your  code  and  systems  are  completely  connected. 

For  example,  rich  customer  data  may  currently  exist  in  multiple 
databases  and  applications,  requiring  your  sales  organization  to 
access  multiple  sources  to  build  an  account  profile.  By  using  XML 
Web  services,  you  can  unlock  that  data  and  make  it  available 
through  a  single  portal  targeting  multiple  clients,  such  as  laptops 
or  handheld  devices.  To  find  out  how  Microsoft  achieved  this  in 
100  days  for  its  own  sales  force,  visit  microsoft.com/enterprise 


How  Trans  World  Entertainment  cued  up  a  new  consumer 
brand  in  just  six  weeks  Using  .NET  connected  software,  they 
are  connecting  their  650  FYE  retail  music  and  video  stores  in  46 
states;  25,000  in-store  listening  and  viewing  stations  to  servers 
housing  200,000  audio  tracks  and  10,000  movie  trailers;  and 
their  Web  customers  to  personalized  content  at  FYE.com. 


Data  Feed 


J 


New  Apps 

XML  Web  services 


Product  Inventory 
Catalog  System 

Oracle  AS/400 


Customers 

Windows  XP.CE 


♦ 

I 

.L 


Data  Centers 

.NET  Framework,  IIS  5.0 


Ji 


Retail  Stores 

Windows  2000,  Windows  NT 


“.NET  has  enabled  us  to  achieve  widespread  brand  distribution 


across  a  broad  range  of  touch  points.” 

—Mark  Hogan,  VP  of  Marketing,  Trans  World  Entertainment 


fences  and  freedom. 


Your  isolated  data  becomes  shared  intelligence. 

Today,  much  of  your  data  sits  locked  away  in  proprietary 
systems.  .NET  connected  software  helps  you  open  the 
gate.  You  have  a  common  language  for  integrating  data 
and  applications,  so  information  flows  across  intranets  and 
extranets  to  those  who  need  it. 

"  We’ve  alrea  dy  seen  sig  nific  a  n  t  incre  me  nta  l_re  venuesand 

expect  the  trend  to  continue  as  we  leverage  the  .NET platform 
to  strengthen  and  extend  our  business  model-” 

—Peter  Osbourne,  Group  Manager,  Advanced  Technology  Group,  Dollar  Rent  A  Car 

The  result  is  a  far  more  flexible  infrastructure— one 
that  reduces  the  separation  between  the  elements  of  your 
business  to  just  one  degree.  By  connecting  your  customers, 
business  partners,  and  employees  directly  to  the  intelligence 
they  need,  you  streamline  operations  and  make  your  business 
more  agile,  responsive,  and  productive. 


Connecting  your  data  to  your  customers.  .NET  connected 
software  lets  you  build  flexible,  seamless  connections  between 
your  back-end  data  and  front-end  systems.  This  allows  you  to 
close  the  loop  with  your  customers,  deliver  more  relevant  content, 
and  build  more  dynamic  relationships. 


Connecting  business  partners  to  you  and  to  each  other. 
.NET  connected  software  helps  you  first  integrate  your  own 
applications,  and  then  quickly  and  cost-effectively  integrate 
your  systems  with  those  of  your  business  partners,  vendors, 
and  suppliers. 


Connecting  your  employees  to  business  intelligence. 
.NET  connected  software  makes  it  much  easier  to  let  employees 
unlock  the  information  value  stored  in  your  infrastructure.  Not 
only  will  they  have  access,  they  can  also  begin  using  powerful 
analytical  tools  to  empower  themselves  and  others. 


your  employees 


^  ROYAL  CANADIAN  MINT 


Solution:  Microsoft  Windows  2000  Advanced  Server  •  Microsoft  SQL 
Server™  2000  Enterprise  Edition  •  Microsoft  Commerce  Server  2000 


•  Microsoft  Content  Management  Server  2001  •  BizTalk  Server  2000 


^  DOLLAR  RENTACAR 


SOAP  Quick 

Processor  Keys 


Partner 


CD 

Dollar 

CD 

Dollar 

XML  Web  Services 

ACMS 

Windows  2000 


VMS 


Solution:  Windows  2000  Server  •  Microsoft  Internet  Information 
Services  5.0  •  SQL  Server  2000  •  BizTalk  Server  2000  •  VisualStudio.NET 
•  Microsoft  Mobile  Internet  Toolkit 


►  COMPUSA 


Solution:  Windows  2000  Advanced  Server  •  SQL  Server  2000  with 
Analysis  Services  •  ProClarity  reporting  client  for  store  managers  and 
corporate  staff  •  MATRA  Systems  solution  for  importing  data  from 
IBM  POS  systems  into  SQL  Server 


CUSTOMER 


SOLUTIONS 


◄ 


How  Royal  Canadian  Mint  used  .NET  connected  software  to  create  new  revenue  streams.  Founded  in 
1908,  the  Royal  Canadian  Mint  was  looking  for  new  and  better  ways  to  reach  out  to  customers  for  its  evolving  catalog 
of  precious  metal  collector  coins  and  jewelry.  With  .NET  connected  software  they  were  able  to  create  a  next-generation 
e-commerce  site  that  delivered  dynamic  content  management,  personalization,  and  advanced  business  analytics  while 
drawing  on  information  in  a  legacy  database  and  feeding  orders  through  an  existing  ERP  system.  Microsoft  BizTalk® 
Server  2000,  with  native  XML  support,  integrated  the  data  seamlessly  for  smoother  transactions  and  more  efficient  order 
processing.  To  see  a  webcast  on  redefining  the  online  enterprise,  visit  microsoft.com/solutions/msib 


How  Dollar  Rent  A  Car  used  .NET  connected  software  to  drive  new  business  partnerships.  Dollar  Rent  A  Car 
is  a  world-leading  car  rental  agency,  with  a  fleet  of  75,000  cars  and  more  than  250  locations  across  26  countries.  They 
saw  that  integrating  their  VMS-based  reservation  system  directly  with  partners  would  drive  sales  and  reduce  the  cost  of 
transactions.  Using  .NET  connected  software  and  BizTalk  Server,  they  were  able  to  develop  an  XML-based  trading  partner 
integration  solution  in  weeks  rather  than  months— a  75  percent  reduction  in  development  time.  The  same  solution  also 
helped  Dollar  to  significantly  reduce  transaction  costs  with  its  partners.  To  get  a  resource  and  evaluation  kit  for  this  case 
study,  go  to  microsoft.com/business/casestudies/b2c/dollarrentacar.asp 


How  CompUSA  used  .NET  connected  software  to  accelerate  business  intelligence.  CompUSA  had  228 
retail  stores,  a  services  division,  corporate  sales,  and  a  training  division.  Moving  forward,  they  wanted  to  maximize  the 
value  of  customer  and  sales  data  stored  on  a  reporting  system  on  an  AS/400;  an  SAP  system  running  on  SQL  Server 
2000;  Oracle  databases;  and  several  custom  solutions.  Using  .NET  connected  software,  CompUSA  was  able  to  extract  their 
POS  data  and  consolidate  it  in  a  central  data  warehouse  where  it  can  be  analyzed  in  near-real  time.  So,  store  managers 
can  see  what  adjustments  are  needed  to  meet  opportunities  as  they  arise.  To  see  a  video  report  on  this  story,  go  to 
microsoft.com/SERVERS/evaluation/casestudies/compusa.asp 


solo  and  symphony 


Call  on  over  1  million  partners  to  make  it  work. 

When  the  future  of  your  enterprise  is  at  stake,  it’s  good 
to  have  help.  Not  to  worry.  Work  with  Microsoft  .NET  con¬ 
nected  software  and  you’ll  be  accompanied  by  some  of 
the  world’s  leading  technology  consultants,  developers, 
and  services  organizations. 

You  can  develop  in-house,  or  work  with  Microsoft  Consulting 
Services.  And  once  you’ve  deployed  your  solutions,  Microsoft 
Premier  Support  can  help  you  maintain  them. 


Microsoft 

CERTIFIED 


Partner 


You  also  have  the  option  of  calling  on 
over  24,000  organizations  and  1  million 
experts  trained  as  Microsoft  certified 
professionals  who  will  be  there  to  help  you  design,  build, 
deploy,  and  maintain  Microsoft-based  solutions  for  your 


SERVICES  &  PARTNERS 


◄ 


enterprise.  With  so  much  support  behind  .NET,  you  have 
the  flexibility  of  choice.  No  matter  what  industry  you’re  in, 
there  are  qualified  partners  who  can  create  custom  solu¬ 
tions  that  fit  your  need  for  integration,  efficiency,  reliability, 
and  scalability. 

Whichever  route  you  choose,  Microsoft  offers  guidance 
in  the  form  of  standardized  methodologies  for  developing 
and  deploying  solutions.  To  learn  about  yoursupport  options, 
visit  microsoft.com/enterpriseservices 


Microsoft  has  alliances  with  the  largest  services  organiza¬ 
tions  in  the  world— including  Accenture,  Avanade,  Cap  Gemini 
Ernst  &  Young,  Compaq  Global  Services,  Dell,  EDS,  KPMG 
Consulting,  Unisys,  and  more— to  provide  Fortune  1000  companies 
with  complete  enterprise-class  solutions. 


between  you  and 
.NET  connected  software. 

With  Microsoft  .NET  connected  software,  you  can  close  the  gaps  in 
your  infrastructure,  leaving  only  one  degree  of  separation  between 
the  critical  aspects  of  your  business.  For  more  information  about 
the  tools  you  need  to  build  XML  Web  services,  the  servers  you  need 
to  deploy  them,  and  the  services  you  need  to  make  them  work,  visit 
microsoft.com/enterprise  Software  for  the  Agile  Business. 


Microsoft 


©  2002  Microsoft  Corporation.  All  rights  reserved.  Microsoft,  BizTalk,  Visual  Studio,  Windows,  and  Windows  NT  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  State' 
and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners.  KPMG  Consulting,  Inc.  is  an  independent  consulting  company 


rosoft  Corporation.  All  rights  reserved.  Microsoft  is  a  registered  trademark  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 


COVER  STORY 
B2B  Partnerships 


YOU  MAY  NOT  know  it, 
but  you’re  leaving 
millions  on  the  table 
when  it  comes  to 
business-to-business 
e-commerce. 

In  this  special  two-part 
report,  we  show  you  how 
to  hurdle  the  two  main 
obstacles  that  stand 
between  you  and  all 
that  money:  the  security 
of  your  external 
connections  and  a  lack  of 
online  trading  partners. 

In  How  to  Practice  Safe 
B2B,  IT  and  security 
leaders  spell  out  their 
security  requirements 
for  their  online  partners 
and  explain  how  they 
make  sure  their  partners 
comply. 

In  How  to  Grow  Your 
B2B  Network  ( Page  60), 
companies  reveal  the 
techniques  they’re  using 
to  attract  new  partners, 
thereby  maximizing 
their  B2B  savings  and 
revenue. 

The  money  is  there. 

Go  for  it. 


how 


Before  swapping 
information  with 
multiple  e-commerce 
partners,  it  pays  to 
protect  yourself  by 
pushing  partners  to 
adopt  better  security 
practices 


BY  ERIC  BERKMAN 


James  Wade,  chief 
security  officer  for  the 
Federal  Reserve  System, 
advises  companies  to 
forbid  their  partners 
to  use  departmental 
passwords  for  B2B 
interactions. 


CO 

< 


X 

v— 

< 


CO 

o 

I— 

O 

X 

Q- 


IN  SUMMER  2000,  Visa  unveiled  its  “Digital  Dozen,”  a  list  of  security 
requirements  calling  for  firewalls,  encryption,  testing  and  access  policies 
that  its  service  providers  and  merchants  must  have  as  a  condition  of 
doing  business  with  Visa.  That’s  right — if  a  bank  or  merchant  can’t 
play  by  these  rules,  they  don’t  play  with  Visa. 

Visa’s  merchants  and  service  providers  must  annually  demonstrate 
compliance,  through  an  online  self-assessment  for  Mom-and-Pop 
shops  and  extensive  third-party  audits  for  merchants  or  service 
providers  handling  large  volumes  of  cardholder  information.  And  if  a 


Reader  ROI 

►  Learn  why  unsafe  B2B 
partners  threaten  your 
security 

►  See  the  requirements 
for  safe  B2B 

►  How  to  coax  reluctant 
partners  to  adopt  secure 
practices 


www.cio.com  •  JUNE  15.  2002  CIO  53 


COVER  STORY 

B2B  Partnerships  |  Security 


merchant  refuses  to  comply,  Visa  can  fine 
the  bank  that  processes  that  store’s  transac¬ 
tions.  Then  it’s  up  to  the  bank  to  punish  the 
merchants.  “Eventually,  if  we  don’t  have 
proof  from  an  independent  third  party  that 
you  qualify  with  our  requirements,  we  really 
don’t  want  you  to  take  the  card,”  says  John 
Shaughnessy,  Visa  USA’s  senior  vice  presi¬ 
dent  of  risk  management  in  Tampa,  Fla. 

Not  everybody  is  as  deadly  serious  about 


Checklist  for 

Secure 

Partnerships 

What  you  should  expect 
or  require  of  your  B2B  partner 

1.  Maintain  working  firewalls. 

2.  Keep  security  patches  up  to  date. 

3.  Use  and  update  antivirus  technology. 

4.  Maintain  a  comprehensive,  written 
security  policy. 

5.  Adhere  to  a  secure  application- 
development  methodology  and  build 
security  into  all  applications. 

6.  Utilize  access-control  and  authorization 
tools  appropriate  for  the  type  of 
information  to  be  accessed,  stored  or 
transmitted. 

7.  Encrypt  any  sensitive  information 
transmitted  over  the  Internet. 

8.  Maintain  active  threat-monitoring 
and  response  procedures. 

9.  Require  notification  of  any  security 
incidents. 

10.  Require  security  verification  through 
third-party  audit  or  penetration 
testing. 

11.  Segment  the  network  architecture. 

12.  Conduct  background  checks  for  all 
employees  who  may  access  your 
company’s  sensitive  information. 

13.  Require  contractual  indemnification 
for  damage  and  liability  caused  by  a 
partner’s  security  failure.  -E.B. 


B2B  e-commerce  partner  security  as  is  Visa. 
In  the  stampede  to  e-commerce,  most  com¬ 
panies  have  disregarded  the  security  of  their 
partners  and  their  role  in  exerting  pressure 
to  make  sure  they’re  safe.  “My  sense  is  that 
B2B  security  is  not  a  consideration  for  many 
organizations,”  says  James  Wade,  chief  secu¬ 
rity  officer  for  the  Federal  Reserve  System 
and  president  of  Framingham,  Mass.-based 
ISC2,  a  training  and  professional  certifica¬ 
tion  organization  for  IT  security  profession¬ 
als.  Many  B2B  relationships  spawn  from 
manufacturing,  marketing  or  some  other 
group  within  an  organization  without 
involving  IT  security. 

That  may  or  may  not  be  the  case  in  your 
company,  but  regardless,  it’s  your  responsi¬ 
bility  to  see  to  the  security  credentials  of 
your  B2B  partners.  “The  security  of  your 
B2B  partner  is  as  important  as  their  credit- 
worthiness,”  says  Paul  Gaffney,  CIO  of 
Staples,  the  office-products  retailer  based  in 
Framingham,  Mass. 

Indeed,  the  risks  of  working  with  a  non- 
secure  partner  are  frightening.  A  partner  that 
fails  to  secure  its  own  systems  could  become 
a  launch  pad  for  attacks  into  your  system. 
Someone  could  tamper  with  data  in  a  sup¬ 
plier’s  system,  such  as  switching  a  digit  in  a 
product  SKU  number.  Or  a  virus  could  dis¬ 
able  your  partner’s  systems.  Either  way,  your 
just-in-time  supply  chain  operations  will 
grind  to  a  halt.  Worst  of  all,  you  might  incur 
legal  liability  if  your  partner  exposes  your 
customers’  data.  “Your  customer  will  ask, 
‘Why  didn’t  you  investigate  this  partner?’ 
That  customer  can  sue  you,”  says  Dorsey 
Morrow,  general  counsel  for  ISC2. 

Of  course,  it’s  not  just  about  the  risks. 
Safe  B2B  e-commerce  carries  huge  business 
benefits  too.  In  fact,  companies  can  market 
the  security  of  their  B2B  programs  to 
enhance  customer  confidence  and  thus 
attract  additional  partners.  Safer  B2B  prac¬ 
tices  also  protect  against  glitches  and  out¬ 
ages,  preserving  the  critical  just-in-time 
nature  of  e-commerce,  which  keeps  the  rev¬ 
enue  flowing. 

With  so  much  to  lose  and  to  gain,  every 
company  should  establish  a  set  of  security 


expectations  for  its  B2B  partners,  drawing 
from  the  list  that  follows.  In  addition,  take 
heed  of  the  strategies  to  counter  resistance 
and  enforce  compliance  since  you  will  be 
dealing  with  companies  that  aren’t  under 
your  control. 

Requirements 
and  Expectations 

■  A  DOCUMENTED  SECURITY  POLICY 

Security  experts  say  every  company  should 
demand  to  see  its  B2B  partners’  written 
security  policy.  Lee  Holcomb,  CIO  of 
NASA  in  Washington,  D.C.,  says  that  is 
something  he’s  strict  about  because  he  uses 
online  connections  to  post  competition 
opportunities  and  pay  aerospace  vendors 
and  contractors.  He  expects  policies  to 
include  firewall  maintenance  and  patch- 
service  provisions  and  to  provide  for 
vulnerability  assessment  and  intrusion 
detection,  as  well  as  a  training  program  for 
systems  administrators  who  would  have 
access  to  sensitive  information.  “We’re 
dealing  with  astronauts  or  pilots  in  space,” 
says  Holcomb.  “Security  and  safety  are 
synonymous.” 

The  Federal  Reserve  typically  asks  for  a 
written  description  of  a  partner’s  security 
organization,  including  its  rules  and  respon¬ 
sibilities  and  where  the  security  function 
reports.  “If  security  is  buried  in  the  techni¬ 
cal  bowels  of  an  organization,  it’s  probably 
not  having  significant  influence  on  senior 
management,”  Wade  says. 

The  policy  should  also  identify  individu¬ 
als  managing  the  partner’s  security  program, 
adds  Harry  DeMaio,  a  director  in  Deloitte 
&  Touche’s  enterprise  risk  practice  in  New 
York  City. 

■  SECURE  APPLICATION 
DEVELOPMENT  PRACTICES 

In  most  B2B  relationships,  partners  grant 
limited  authority  to  pass  into  each  other’s 
systems  and  access  critical  information.  If 
your  partner  is  using  proprietary  applica¬ 
tions  that  touch  your  system,  security  must 
be  built  into  that  application.  Your  partner 
must  show  you  how  security  is  incorpo- 


54  CIO  JUNE  15,  2002  •  www.cio.com 


SOME  OPERATIONS  ARE  EASIER  WITH... 


Deploying  and  operating  mission-critical  applications  with  high 
availability  and  timely  delivery  requires  agility,  people  productivity 
and  operational  effectiveness.  You  need  proven  technology,  successful 
production  processes  and  most  of  all,  TEAMWORK. 

With  25  years  of  JCL  technology  and  expertise.  Diversified 
Software  can  help  you  leverage  your  internal  resources  to  achieve 
operational  effectiveness  and  maintain  competitive  advantage. 

With  mission-critical  operation  demands,  wouldn't  life  be  easier  with 
a  proven  partner? 

To  receive  our  white  paper  "Best  Practices  for  JCL  Asset 

Management  -  for  the  successful  deployment  and 
operation  of  mission-critical  applications",  call 
1 -877-265-2675  or  1 -408-778-9914,  or  visit 

www.diversifiedsoftware.com/operations 


Expertise  makes 
the  Difference 


Diversified 

Software 


©  Copyright  2002.  The  Diversified 


Software  Systems  logo  is  a  registered  trademark  of  Diversified  Software  Systems,  Inc. 


COVER  STORY 

B2B  Partnerships  |  Security 

rated  into  its  application  design,  develop¬ 
ment  and  deployment  plans,  says  DeMaio. 
Look  for  access  and  authorization  controls 
built  into  applications,  path  isolation  to 
ensure  that  the  app’s  user  goes  only  where 
he’s  allowed  to  go,  and  logging  and  recon¬ 
ciliation  to  provide  a  record  of  where  any 
user  has  been — matching  up  with  what 
he’s  done.  “Make  sure  the  application 
doesn’t  turn  off  or  ignore  other  security 
controls,  like  encryption,  associated  with 
the  [B2B]  system,”  adds  DeMaio. 

■  ACCESS  CONTROL  AND 
USER  AUTHENTICATION 

Lax  access  controls  within  your  partner’s 
systems  will  give  you  an  Excedrin  head¬ 
ache.  Ray  Bedard,  a  partner  in  Pricewater- 
houseCoopers’  supply  chain  practice  in 
Virginia  Beach,  Va.,  tells  of  a  company  he 
worked  with  that  failed  to  terminate  a 
departing  employee’s  access  to  its  B2B 
applications.  Before  the  employee  left,  he 
went  into  the  system  and  ordered  a  bunch 
of  goods  from  an  online  partner.  The 
goods  arrived  and  nobody  could  figure  out 
what  they  were  doing  there.  It  took  several 
hundred  man-hours  for  the  parties  to 
resolve  the  mess. 

To  avoid  that  sort  of  tampering,  compa¬ 
nies  should  require  partners  to  maintain 
strong,  active  password  programs.  Measures 
should  include  requirements  to  change  pass¬ 
words  frequently,  monitoring  and  logging 
of  password  usage,  tools  to  detect  easily 
guessed  passwords  and  a  central  authority 
to  set  access  policies.  Wade  adds  that  you 
should  forbid  your  partner  to  set  up  depart¬ 
mental  passwords  if  the  partner  accesses 
your  systems  through  its  network.  “This  is 
always  a  sticking  point  in  negotiations,”  he 
says.  “The  partner  always  wants  to  use 
some  easier  form”  of  password  protection. 

For  sensitive  information,  companies 
should  require  higher-level  access  and 
authorization  tools.  Ramana  Palepu,  CTO 
of  the  Worldwide  Retail  Exchange  in 
Alexandria,  Va.,  says  his  members  require 
public-key  infrastructure  authentication  tech¬ 
nology,  and  will  expect  digital  signatures  for 


Staples  CIO  Paul  Gaffney 
requires  B2B  partners 
to  encrypt  all  Internet 
transmissions  but  not 

jfc 

transmissions  sent  over 
private  networks.  “That 
would  be  overkill,” 


financial  settlement  and  payment  services  the 
exchange  may  offer  in  the  future.  But  for  less 
sensitive  transactions,  such  as  purchase 
orders,  auctions  and  item  tracking,  strong 
password  and  user-name  controls  suffice. 

■  ENCRYPTION 

Experts  and  practitioners  say  companies 
should  require  their  partners  to  use 
encryption  for  any  sensitive  information — 
customer  data,  marketing  strategy,  labor 
relations  and  unreleased  financials — 
transmitted  over  the  Internet.  The  Federal 
Reserve  is  constantly  dealing  with  finan¬ 
cial  information,  so  Wade  requires  any¬ 
thing  transmitted  between  the  Fed  and  its 
financial  and  banking  partners  to  be  prop¬ 
erly  secured. 

At  J.R  Morgan  Treasury  Services  in  New 
York  City,  Joe  Calaceto,  who  heads  up  secu¬ 
rity  as  vice  president  and  technical  director, 
requires  varying  levels  of  encryption  of  cus¬ 
tomer  information  such  as  account  numbers 
and  beneficiary  names  and  addresses. 

Gaffney  says  Staples  requires  its  B2B  part¬ 
ners  to  encrypt  all  Internet  transmissions, 


but  he  doesn’t  require  encryption  for  trans¬ 
missions  sent  over  private  networks.  “That 
would  be  overkill,  since  one  of  the  reasons 
we’re  paying  a  premium  for  a  private  con¬ 
nection  is  for  its  security,”  he  says. 

■  RESPONSE  PLANS 

DeMaio  says  the  response  plan  is  where  to 
expect  resistance  from  partners.  Most 
companies  focus  on  perimeter  defense 
because  it’s  sexy,  but  once  they  think 
nobody  can  get  in,  detailed  response  plans 
seem  like  overkill.  That  is  a  mistake,  and 
you  shouldn’t  let  your  partners  get  away 
with  it,  says  DeMaio.  “Too  many  organi¬ 
zations  will  simply  fade  and  say,  ‘OK,  you 
don’t  have  to  do  it.’” 

DeMaio  adds  that  partners  should  pro¬ 
vide  a  detailed  description  of  their  attack 
response  plan — and  it  should  be  designed 
around  specific  systems,  not  generic  boiler¬ 
plate  from  books  and  manuals. 

Also,  demand  that  partners  notify  you  of 
security  incidents  within  the  hour.  Charles 
Le  Grand,  director  of  technology  practices  at 
the  Institute  of  Internal  Auditors  in 


56  CIO  JUNE  15,  2002  •  www.cio.com 


PHOTO  BY  JAY  BLAKESBERG 


The  only  thing  that  matters  is  the  bottom  line 

Customer  retention,  operational  efficiencies,  cost  reductions,  and  improved  revenues  -  these 
are  the  measures  of  ROI.  That's  what  Pegasystems'  software  solutions  have  been  delivering 
for  over  19  years  at  companies  like  Bank  of  America,  Chase  Bank,  and  Blue  Cross  Blue 
Shield  of  MA.  It's  about  Pegasystems'  superior  rules-driven  process  automation  solutions. 

If  you've  had  enough  BLAH  and  not  enough  ROI,  it's  time  for  Pegasystems  to  show  you  how 
to  impact  your  bottom  line.  Call  1-888- 78 1-PEGA  (7342)  or  visit  us  online  at  www.pega.com 


Where  Rules  Mean  Business. 


COVER  STORY 

B2B  Partnerships  |  Security 

Altamonte  Springs,  Fla.,  adds  that  you 
should  ask  to  see  your  partners’  criteria  for 
notifying  authorities  and  how  they’re  moni¬ 
toring  for  vulnerabilities.  For  example,  if 
they  operate  in  an  NT  environment,  urge 
them  to  keep  up  with  NT  BugTrack,  he  says. 

■  SEGMENTED  ARCHITECTURES 

Some  security  analysts  advocate  “seg¬ 
menting”  enterprise  architectures  into 
smaller  networks,  all  behind  separate  fire¬ 
walls.  That  way,  if  one  part  of  the  network 
is  compromised,  the  rest  remains  safe. 
Bethesda,  Md. -based  defense  contractor 
Lockheed-Martin  does  that — and  looks 
for  it  in  its  partners  too,  says  A.  Padgett 
Peterson,  Lockheed’s  senior  security  ana¬ 
lyst.  (For  more  on  Lockheed-Martin’s 
strict  security  parameters,  see  “Maximum 
Protection,”  at  www.cio.com/printlinks.) 

■  BACKGROUND  CHECKS 

If  it’s  standard  practice  in  your  own  organ¬ 
ization  to  conduct  background  checks  on 
employees  with  access  to  sensitive  data,  it’s 
x  reasonable  to  request  the  same  for  part¬ 
ners’  employees  who  also  have  access. 
Wade  declined  to  say  whether  he  requires 
background  checks  of  the  Fed’s  partners, 
but  he’s  required  it  while  working  at  other 
companies.  By  having  business  representa¬ 
tives,  not  just  IT  people,  involved  in  the 
negotiations,  you’re  more  likely  to  get 
your  partner  to  agree  to  background 
checks.  “It’s  difficult  for  many  IT  people  to 
appreciate  the  risks  involved  in  the  rela¬ 
tionship  being  established,”  he  says. 

■  COMPLIANCE  AUDITS 

Experts  and  practitioners  agree  the  best 
way  to  validate  compliance  is  through 
periodic  audits,  either  by  your  own  audi¬ 
tors  or  an  independent  third-party  security 
company,  as  Visa  requires.  Typically  the 
party  requesting  the  audit  will  foot  the  bill. 

The  most  security-conscious  organizations 
require  their  partners  to  submit  to  penetra¬ 
tion  testing  on  a  regular  or  random  basis.  But 
Le  Grand  says  that  is  an  extreme  measure, 
because  there  is  potential  to  bring  a  partner’s 


system  down.  “If  you  run  a  denial-of-service 
attack  just  to  see  how  they  recover,  the  recov¬ 
ery  will  be  expensive,”  he  says.  “So  you’d 
better  not  do  this  haphazardly  and  without 
agreeing  on  your  right  to  do  this.” 

Inducements 
and  Enforcements 

■  THE  CARROT 

If  you  work  for  a  powerful  company  with 
partners  that  absolutely  depend  on  your 
relationship,  like  Visa,  you  have  the  power 
to  make  demands.  Unfortunately,  most 
companies  don’t  fit  into  that  category. 
Instead,  they  must  come  up  with  carrots  to 
entice  partners  to  agree  to  their  terms  and 
incorporate  them  into  contracts. 

For  example,  if  your  partner  objects  to 
security  requirements  because  of  cost,  offer 
to  share  some  of  the  cost.  A  partner  “might 
balk  at  an  extra  few  hundred  dollars  to  pay 
for  the  setup  of  an  extra  server,”  says 
Calaceto.  “In  some  cases  we’ll  absorb  it 
because  we  want  a  more  secure  system.” 

Or  you  can  offer  to  include  your  partners 
in  your  security  software  licensing  agree¬ 
ments  to  save  them  a  few  bucks,  says  Le 
Grand.  Flere  Bedard  advocates  a  “match¬ 
ing  fund,”  where  a  company  offers  to  kick 
in  a  dollar  for  every  dollar  its  partner  spends 
complying  with  the  requirements. 

Finally,  Gaffney  suggests  offering  dis¬ 
counts  or  preferred-seller  status  to  partners 
that  accept  your  requirements.  “If  a  com¬ 
pany  associates  economic  value  [with  its 
requirements],  it  needs  to  be  part  of  the 
negotiation,”  he  says. 

■  THE  STICK 

Enforcement  is  an  issue  that  companies 
should  plan  for  in  advance,  with  the  hope 
of  never  having  to  exercise  the  stipulated 
penalties.  The  best  way  to  enforce  security 
requirements  is  to  establish  them  in  your 
B2B  engagement  contract.  That  provides  a 
specifically  delineated  recourse  should  the 
partner  fail  to  implement  sound  security 
measures.  According  to  ISC2’s  Morrow, 
the  ideal  recourse  against  a  lax  partner  is 
indemnification — an  agreement  that  if  you 


cio.com _ 

LEARN  MORE:  Read  about  the 

MAXIMUM  SECURITY  REQUIRE¬ 
MENTS  imposed  by  Lockheed-Martin 
and  Mt.  Sinai/NYU  Health  System  at 
www.cio.com/printlinks. 


get  sued  for  damage  caused  by  your  part¬ 
ner’s  breach,  the  partner  will  pay  you  back 
the  amount  of  the  judgment.  Of  course, 
that  requires  proving  that  your  partner 
was  truly  responsible. 

On  a  case-by-case  basis,  Staples  will  pro¬ 
vide  in  its  B2B  contracts  that  the  partner  will 
indemnify  Staples  for  damage  or  legal  lia¬ 
bility  stemming  from  the  partner’s  security 
lapses.  But  Gaffney  says  such  a  provision 
can  be  tough  to  secure.  “The  bigger  compa¬ 
nies — particularly  larger  software  pro¬ 
viders — tend  to  stick  hard  to  holding  back 
on  indemnification,”  says  Gaffney,  adding 
that  smaller  companies  might  agree  to 
indemnification  in  return  for  more  favor¬ 
able  pricing  or  product  distribution. 

Another  form  of  recourse  is  a  liquidated 
damages  clause — a  contract  provision  stat¬ 
ing  that  a  partner  that  doesn’t  live  up  to  its 
security  obligations  (resulting  in  contract 
cancellation)  will  pay  the  other  partner  a  set 
amount  of  money. 

Finally,  if  a  partner  violates  the  contract 
by,  say,  failing  the  audit,  you  have  the  right 
to  terminate  it.  But  think  twice  about  apply¬ 
ing  these  sticks  just  because  your  partner  has 
fallen  short  on  an  audit  or  failed  to  meet  a 
particular  requirement,  especially  if  you 
haven’t  been  harmed  as  a  result.  The  ulti¬ 
mate  objective  of  your  B2B  engagement  is  a 
productive,  profitable  relationship.  The 
minute  you  seek  to  terminate  the  contract 
or  collect  fines,  you’ve  likely  destroyed  the 
relationship.  You’re  much  better  off  working 
with  the  partner  to  remedy  its  lapses,  ensur¬ 
ing  a  safer  and  more  profitable  partnership 
for  the  future.  QBI 


How  do  you  maintain  safe  B2B  relationships?  Let 
B2B  Editor  Elana  Varon  know  at  evaron@cio.com. 
Eric  Berkman  is  a  former  senior  writer  at  CIO. 


58  CIO  JUNE  15,  2002  •  www.cio.com 


Rockwell 

FirstPoint 

Contact 


If  you  want  a  customer  contact 
solution  that  works  right  the  first 
time,  every  time  -  you  simply  have 
to  know  where  to  look. 


For  30  years,  we've  been  quietly  providing  over  2,500  global  companies  with  intelligent  technology 
that  enables  over  100  million  customer  interactions  a  day.  Word  travels  fast  when  you  consistently 
deliver  on  time  and  within  budget.  Isn't  it  time  to  leverage  your  investment  in  CRM  by  taking  a  new 
look  at  the  proven  industry  leader? 

Look  to  Rockwell  FirstPoint  Contact. ..where  intelligent  customer  contact  begins. 


1-800-416-8199 


www.rockwellfirstpoint.com 


COVER  STORY 

B2B  Partnerships  |  Recruitment 


Forget  the  80/20  rule, 
and  stop  wasting  money. 
You  need  to  get  the  rest 
of  your  trading  partners 
online  to  reap  a  real 
return  from  e-commerce. 

BY  MERIDITH  LEVINSON 


THE  NEXT  TIME  you  ’re  ready  to  brag 
about  your  company’s  B2B  e-commerce 
strategy,  hold  your  tongue.  Chances  are, 
you’re  leaving  millions  of  dollars  on  the 
table  in  spite  of  your  best  efforts  to  do  busi¬ 
ness  electronically  with  your  partners. 

Although  B2B  e-commerce  has  been  the 
talk  of  the  town  for  years  and  has  survived 
more  than  one  antihype  backlash,  the  truth  is 
that  few  companies  today  are  actually  trans¬ 
acting  the  bulk  of  their  business  through  elec¬ 
tronic  connections,  be  they  websites,  public 
or  private  exchanges,  one-to-one  links  with 
business  partners  or  EDI.  Aberdeen  Group 
reports  that  more  than  60  percent  of  suppli¬ 
ers  in  all  industries  continue  to  receive  orders 
via  fax  or  e-mail.  And  a  mere  4.5  percent  of 


60  CIO  JUNE  15,  2002  •  www.cio.com 


all  purchasing  dollars  are  transacted  through 
B2B  e-commerce,  according  to  a  2002  sur¬ 
vey  by  the  Center  for  Advanced  Purchasing 
Studies.  With  so  few  transactions  conducted 
electronically,  companies  are  missing  out  on 
the  full  value  of  B2B  e-commerce. 

Louis  Columbus,  a  senior  analyst  with 
AMR  Research  in  Boston,  says  procuring 
direct  materials  via  phone,  fax  or  e-mail  costs 
between  $160  and  $200  per  transaction, 
while  the  same  activity  executed  electroni¬ 
cally  rings  up  as  low  as  $40  per  transac¬ 
tion — a  fivefold  savings.  Aberdeen  Group 
estimates  that  automating  procurement 
activities  will  save  midsize  companies  $2  mil¬ 
lion  per  year.  And  that’s  not  to  say  anything 
of  the  cost  savings  resulting  from  better  sup¬ 
ply  chain  collaboration.  Indeed,  the  advan¬ 
tages  of  B2B  e-commerce  include  savings  in 
administrative  costs;  decreases  in  acquisition, 
purchasing  and  payment  cycles;  reductions 
in  errors  and  product  returns;  better  inven¬ 
tory  data;  and  incremental  revenue  growth. 

The  key  to  reaping  those  benefits  lies  in 
recruiting  the  multitude  of  business  partners 
that  have  yet  to  sign  on  for  your  B2B  trading. 

Of  course,  there  are  other  obstacles  to 
B2B  ROI  besides  participation:  legacy  sys¬ 
tems  ill-equipped  to  deal  with  B2B  transac¬ 
tions,  the  volume  of  legacy  processes  that 
need  to  be  mapped  and  automated,  and  the 
lack  of  standards.  Security  fears  are  also  a 
concern  for  many  companies  loathe  to  see 
their  data  flow  over  the  Web  into  compa¬ 
nies  that  aren’t  under  their  direct  control. 


(Read  about  how  to  secure  your  B2B  part¬ 
ners  in  “How  to  Practice  Safe  B2B,”  Page 
52.)  Nevertheless,  recruitment  remains  a  crit¬ 
ical  challenge. 

Forget  the  80/20  Rule 

Although  it  seems  intuitive  to  get  your 
biggest  customers  and  suppliers  on  board 
with  B2B  first,  you  must  devote  some  of 
your  efforts  to  automating  tier-two  and  tier- 
three  customers  and  suppliers.  While  the 
third  tier  may  generate  just  20  percent  of 
your  revenue,  those  companies  are  often  the 
most  costly  to  deal  with  per  transaction, 
making  their  conversion  to  cheaper  e-com¬ 
merce  all  the  more  urgent.  As  for  tier-two 
suppliers,  over  time  they’ll  become  tier  ones, 
says  Rowland  Archer,  CTO  of  Holcomb, 
Archer,  Heber  &  Tyler  Commerce,  a 
provider  of  software  that  facilitates  B2B 
trading  based  in  Research  Triangle,  N.C. 
“It’s  worth  looking  at  them  and  finding  out 
who’s  doing  the  volume  that  would  merit 
tight  integration,”  Archer  says. 

But  trying  to  get  these  smaller  partners 
doing  business  elec¬ 
tronically  can  seem 
like  an  insurmountable 
task.  Unless  you’re  Intel 
or  Wal-Mart  and  can 
force  your  partners  to 
comply  with  your  stan¬ 
dards,  you’ll  have  to 
use  the  subtle  strategies 
of  companies  such  as 


BorgWarner,  Celanese  Chemicals,  KeyNext, 
Panasonic  Industrial  and  Sigma-Aldrich. 
While  they’re  making  inroads,  these  com¬ 
panies  have  miles  to  go  before  they  reach  the 
land  of  B2B  gold.  Here  are  the  strategies 
they’ve  devised  and  used  in  their  recruitment 
efforts. 

Strategy  1 

TAKE  YOUR  CUSTOMERS’ 

B2B  TEMPERATURES 

Before  you  begin  warming  your  business 
partners  to  the  idea  of  using  the  Web 
instead  of  phone  or  fax,  you  must  first 
determine  their  readiness  for  B2B  e- 
commerce.  Sigma-Aldrich,  a  $1.2  billion 
manufacturer  and  distributor  of  chemi¬ 
cals,  has  more  than  doubled  the  amount  of 
business  it  does  electronically  each  year 
since  1999.  To  enable  those  gains,  the 
company  trains  its  field  sales  force  to  ask 
customers  questions  to  gauge  their  interest 
and  alacrity  in  e-business.  When  visiting 
customers,  the  sales  staff  asks  them  what 
they  know  about  e-business  and  if  they’ve 
tried  ordering  over  the  Web 
or  through  an  exchange. 
The  salespeople  also  ask  if 
customers  are  considering 
rebuilding  their  purchasing 
systems,  and  if  so,  how 
they’re  going  about  it  and 
whether  Sigma-Aldrich  can 
participate. 

“From  those  discussions, 


Why  you  should  recruit 
more  trading  partners  for 
B2B  e-commerce 

Five  strategies  for 
signing  up  partners 

Incentives  for  e-commerce 
resisters 


www.cio.com 


JUNE  15.  2002  CIO  61 


COVER  STORY 
B2B  Partnerships 


Recruitment 


we  identify  the  organizations  that  are  in  the 
midst  of  grappling  with  this  topic,  and  we 
partner  with  them  to  determine  the  prob¬ 
lems  and  pitfalls  associated  with  deploying 
enterprise-scale  procurement  systems,”  says 
Brad  Johnson,  Sigma-Aldrich’s  director  of 
e-business. 

Strategy  2 

APPOINT  AN  E-BUSINESS 
IMPLEMENTATION  MANAGER 

Although  your  sales  staff  can  identify 
prospects  for  B2B  recruitment,  you’ll  want 
to  designate  an  individual  or  team  that  will 
sell  one  or  several  of  your  business  part¬ 
ners  on  the  benefits  of  e-business  and  serve 
them  in  their  deployment  efforts.  This  rela¬ 
tionship  manager  should  discuss  with  the 
partner  technology  issues  such  as  infra¬ 
structure  and  data  transfer,  processes  for 
payment,  procurement,  invoicing  and 


order  fulfillment.  The  manager  must  work 
to  develop  an  understanding  of  what  the 
partner  wants  to  get  out  of  participating  in 
your  company’s  B2B  network. 

KeyNext,  the  e-business  arm  of  financial 
services  company  KeyCorp  in  Cleveland, 
has  a  sales  team  composed  of  relationship 
managers  that,  on  an  ongoing  basis,  works 
with  both  suppliers  and  buyers  who  par¬ 
ticipate  in  KeyProcure,  the  company’s  e- 
marketplace.  “Very  often  this  is  a  change 
management  issue  for  them,”  says  Amy 
Anderson,  KeyNext’s  director  of  technol¬ 
ogy  and  operations.  That’s  because  the  role 
of  purchasing  managers  generally  changes 
after  B2B  implementation.  Instead  of  han¬ 
dling  the  purchasing  process  centrally,  they 
redistribute  process  management  to  other 
buyers  in  the  company,  establish  a  new 
approval  process  and  manage  indirect  pur¬ 
chasing  more  strategically,  says  Linda 


Grandstaff,  KeyNext’s  president  and  CEO. 

Strategy  3 

SHOW  THEM  THE  MONEY 

Jack  Kalina,  BorgWarner’s  CIO,  says  that 
when  his  company’s  purchasing  organi¬ 
zation  set  out  to  involve  suppliers  in  B2B 
trading,  BorgWarner  had  to  demonstrate 
that  the  value  its  suppliers  would  realize 
would  exceed  any  cost  that  might  be 
incurred.  The  $2.7  billion  Chicago-based 
company  makes  transmissions,  systems 
and  components  for  engines,  four-wheel- 
drive  systems  and  fuel  systems  for  auto¬ 
makers.  BorgWarner  explained  to  its 
suppliers  that  connecting  via  GE  Global 
Exchange  Service’s  TradeWeb  exchange 
would  prevent  the  manual  error  of  trans¬ 
posing  part  numbers  and  quantities,  which 
would  reduce  the  number  of  returns  the 
supplier  would  have  to  process  or  excess 
inventory  concerns. 

“Nobody  changes  a  method  in  business 
unless  there’s  a  reasonable  level  of  comfort 
that  it’s  going  to  work  and  that  it’s  going  to  be 
cost-effective,”  says  Kalina.  Of  BorgWarner ’s 
800  suppliers  of  direct  materials,  400  are  con¬ 
nected  via  TradeWeb. 

Panasonic  Industrial  creates  a  value  case 
for  its  third-party  logistics  providers  that  are 
servicing  the  OEM  customers  so  that  the  cus¬ 
tomers  can  see  what’s  to  be  gained  from  link¬ 
ing  their  warehouses  to  Panasonic  Industrial’s 
ERP  system.  Sixty-five  percent  of  all  of 
Panasonic  Industrial’s  orders  each  year  are 
processed  electronically.  “I  researched  the 
total  quantities  of  offline  warehouses,  the 
number  of  transactions,  and  the  number  of 
entries  on  orders,  deliveries  and  invoices,” 
says  Ken  Jeanos,  group  manager  of  e- 
business  at  the  Seacaucus,  N.J.-based  com¬ 
pany.  “I  then  went  to  our  accounting  groups 
and  asked  how  often  they  find  discrepancies 
that  need  to  be  reconciled.  I  showed  these 
numbers  to  my  customers.”  Jeanos’s  cus¬ 
tomers  couldn’t  argue  with  his  math. 

Jeanos  also  calculates  cost  savings  from 
automating  business  processes.  For  example, 
he  determined  that  creating  and  sending  an 
order  and  an  invoice  electronically  takes  just 


“Too  many  companies 
devote  recruitment 
efforts  to  senior 
management.  The 

reality  is,  it’s 
lower-level  people 
who  can  really 
help  or  hinder 
your  B2B  activity.’’ 

-Brad  Johnson,  director  of  e-business,  Sigma-Aldrich 


62  CIO  JUNE  15,  2002  •  www.cio.com 


> 


greater  than  /  abbrev:  > 

You  know  just  as  good  isn't  good  enough.  Today's  leading  companies  have  to  be  greater  than  the 
competition  by  a  wide  margin.  At  Sprint,  we've  got  the  network,  the  people  and  the  services  that  can 
help  you  build  unequalled  and  sustainable  competitive  advantage. 

An  intelligent  network 

Advantage  one:  our  network.  It  was  built  from  the  ground  up  as  a  unified  whole.  (No  technological 
patchwork  here.)  That  means  we  deliver  unsurpassed  reliability  and  interoperability,  so  you  can  leverage 
existing  investments  in  systems  and  applications  and  migrate  to  our  latest  and  greatest  technology  —  like 
3G  mobile  solutions  for  greater  productivity  —  when  you're  ready.  In  fact,  we're  the  only  provider  that 
owns  and  operates  both  its  own  nationwide  wireless  and  wireline  access  to  your  critical  data  apps. 

A  network  of  intelligence 

Advantage  two:  our  people  and  services.  We  have  over  2,200  technical  and  support  professionals, 
including  1,500  trained  engineers.  Plus,  we're  an  industry  leader  in  on-staff  Cisco  Certified  Technicians 
and  Certified  Security  Specialists.  So  what  are  all  these  people  doing?  Answering  your  questions.  Building 
your  customized  applications.  And  working  to  help  ensure  your  systems  are  safe  and  secure. 

Greater  competitive  advantage  —  another  sign  of  an  intelligent  network  and  the  people  who  make  it 
work  (for  you). 


For  more  ideas  on  building  competitive  advantage,  access  our  library  of 
white  papers  at  sprint. com/whitepapers/10  or  call  1-877-519-1708. 


Sprint 


Copyright  ©  Sprint  2002  All  rights  reserved 


COVER  STORY 

B2B  Partnerships  |  Recruitment 

a  half  day  while  doing  the  same  thing  man¬ 
ually  takes  two  days.  To  determine  the  cost 
savings  associated  with  that  reduction  in 
processing  time,  Jeanos  multiplies  adminis¬ 
trative  costs  by  the  percent  of  time  each 
month  that’s  spent  on  those  activities. 

Strategy  4 

DON’T  FORGET  THE  END  USER 

Recruiting  partners  for  B2B  can  resemble 
selling  an  IT  project  inside  your  organiza¬ 
tion:  You  need  buy-in  from  end  users  as 
well  as  executives.  “Too  many  companies 
devote  adoption  to  senior  management,” 
says  Sigma-Aldrich’s  Johnson.  “The  real¬ 
ity  is,  it’s  the  lower-level  people  you  serve 
who  can  really  help  or  hinder  your  B2B 
activity,”  he  adds. 

While  it’s  possible  to  convince  purchas¬ 
ing  agents  and  other  executives  using  high- 
level  cost/benefit,  risk/reward  analyses,  such 
as  the  ones  Jeanos  whips  up,  the  key  to  win¬ 
ning  over  front-line  workers  is  to  understand 
their  needs  and  curb  their  fears  about  tech¬ 
nology  rendering  their  job  obsolete. 

Celanese  Chemicals  addresses  that  issue 
by  pointing  out  that  B2B  e-commerce 
won’t  replace  end  users  but  will  change 
their  role  from  executing  mundane,  repeti¬ 
tive  tasks,  such  as  tracking  down  purchase- 
order  approvals,  to  higher  value  activities 
such  as  procurement  analysis.  “We’re  defi¬ 
nitely  not  headed  toward  a  zero-person 
environment  anytime  soon,”  says  Bill 
Schmitt,  director  of  business  enablement  at 
the  $3  billion  company.  “There  is  so  much 
to  do  to  sort  out  the  complexities  of  this 
connectivity  that  people  who  now  do  the 
manual  processes  are  very  valuable.”  The 
Dallas-based  chemical  producing  unit  of 
Celanese  AG  does  10  percent  of  its  global 
business  through  its  e-commerce  site — 
ChemVIP.com — and  through  dedicated 
B2B  connections,  and  it  hopes  to  boost  that 
number  to  25  percent  during  2002. 

When  Sigma-Aldrich’s  e-business  team 
pitches  its  B2B  initiatives  to  customers’  pro¬ 
curement  departments,  it  homes  in  on  two 
selling  points  that  are  most  important  to 
those  workers:  efficiency  and  control.  Like 


cm.com _ 

Find  more  articles  and  resources  in 
our  Research  Center  on  B2B 
E-COMMERCE  at  www.cio.com/ec. 


Celanese,  the  team  promises  that  by  order¬ 
ing  through  Sigma-Aldrich’s  website,  by  par¬ 
ticipating  in  Pipeline  (its  private  exchange) 
or  by  setting  up  a  dedicated  B2B  interface, 
procurement  employees  will  spend  less  time 
on  repetitive  tasks  and  will  be  needed  to 
review  and  authorize  all  purchase  orders 
before  they  are  submitted.  They  are  also  able 
to  see  how  the  technology  will  make  their 
job  easier  by  giving  them  one  source — the 
website — for  checking  what  stock  is  in  and 
the  status  of  orders. 

Strategy  5 

HOLD  THEIR  HANDS 

For  business  partners  to  completely  and 
whole-heartedly  adopt  your  e-business  ini¬ 
tiatives,  you  must  assiduously  monitor  their 
interactions  to  see  whether  they  are  taking 
place  via  phone,  fax,  e-mail  or  the  Web.  If 
their  e-commerce  activity  seems  inconsistent 
or  end  users  seem  uncertain,  you  need  to 
provide  support. 

Sigma-Aldrich  uses  business  intelligence 
software  from  Cognos  to  track  customers’ 
buying  behavior  across  channels.  If  Sigma- 
Aldrich’s  implementation  manager  sees  that 
a  customer  used  the  Web  to  place  an  order 
once  but  then  used  the  phone  next  time,  he’ll 
contact  the  customer,  ask  if  he  is  having  prob¬ 
lems  and  offer  to  show  him  the  system  again. 
The  Web  customer  service  organization  uses 
software  from  Hipbone,  a  vendor  based  in 
San  Carlos,  Calif.,  to  take  control  of  the  cus¬ 
tomer’s  browser  and  guide  him  through  the 
process.  Until  the  customer  is  fully  up  and 
running  on  Sigma-Aldrich’s  website  or 
Pipeline  exchange,  the  company  continually 
follows  up  to  offer  assistance.  “We’ve  learned 
that  [adoption]  requires  this  continual  loop  of 
reinforcement,”  says  Johnson. 

But  support  costs  money.  Panasonic 
Industrial’s  Jeanos  carefully  determines 
which  partners  are  worth  this  effort  based 


on  business  volumes.  Though  he  hasn’t 
completely  sussed  out  the  math,  he  believes 
long-term  benefits  of  e-business  outweigh 
the  short-term  costs  of  providing  support. 
“I’m  not  doing  this  at  a  loss.  The  people 
who  are  working  on  it  are  supporting  other 
projects.  This  is  above  and  beyond  [their 
normal  responsibilities],”  he  says. 

Jeanos’s  IT  staff  helps  partners  with  deci¬ 
sions  on  potential  solutions,  testing,  coding 
and  formatting  data.  They  also  tell  them 
what  technical  issues  they  need  to  consider 
before  they  establish  the  first  connection. 
For  example,  assessing  what  mechanisms 
they  will  use  to  transfer  data,  how  they  will 
confirm  that  the  data  moves  from  point  A 
to  point  B,  and  what  they’ll  do  if  the  data 
doesn’t  make  the  connection.  Panasonic’s 
people  provide  support  remotely,  which 
helps  keep  costs  down. 

Reap  the  Rewards 

Most  companies  are  just  beginning  to  get 
traction  with  their  business  partners  on  their 
B2B  endeavors.  But  they’re  starting  to  see 
cost  reductions  and  a  handful,  like  Sigma- 
Aldrich,  are  witnessing  growth  in  incremen¬ 
tal  revenue  and  significant  cost  savings — to 
the  tune  of  $400,000  per  month  in  order¬ 
processing  costs. 

At  BorgWarner,  the  savings  are  signifi¬ 
cant  enough  that  “you  can  see  it  on  the 
annual  report  in  earnings  per  share,”  says 
Kalina.  “It’s  significant  enough  that  our 
stockholders  can  see  improvements.” 

Many  B2B  recruiters  may  not  be  able  to 
show  astounding  financial  results  right  now, 
with  the  economy  in  the  doldrums,  but  dis¬ 
cussing  e-business  initiatives  and  enablement 
with  business  partners  will  prepare  them  for 
the  turnaround,  says  Jeanos.  “Right  now 
times  are  bad.  But  when  our  customers  are 
ready  to  begin  [e-business]  projects,  we’ll 
have  made  it  easier  for  them  to  do  business 
with  us.”  HH 


What  partner  recruitment  tactics  have  worked  for 
you?  Tell  Senior  Writer  Meridith  Levinson,  who 
covers  B2C  e-commerce  for  CIO.  She  can  be 
reached  at  mlevinson@cio.com. 


64  CIO  JUNE  15,  2002  •  www.cio.com 


< 


less  than  /  abbrev:  < 

As  markets  sag  and  budgets  shrink,  we  know  you're  trying  to  do  more  and  more  with  less  and  less.  So 
here  are  just  a  few  ways  Sprint  can  help  you  create  more  value  for  a  lot  less  (less  hassle,  less  time,  less 
waste,  less  money  —  you  get  the  picture). 

One  source  from  voice  to  data  to  wireless 

Sprint  gives  your  business  the  advantage  of  one  single  point  of  contact  domestically  and  globally  for 
voice,  data,  Internet  and  managed  services.  Our  integrated  approach  means  everything  works  together  to 
help  you  lower  your  administrative  and  management  costs. 

Second  to  none  in  network  reliability 

Our  self-healing  SONET  ring  architecture  provides  99.999%  reliability.  (It  doesn't  get  much  better  than 
that.)  In  fact,  Sprint's  long  distance  network  had  the  fewest  FCC-reportable  outages  of  the  top  three  major 
competitors  for  the  sixth  straight  year.  So  you  get  the  virtually  error-free  data  and  voice  transmissions  that 
help  ensure  your  customers'  loyalty  and  your  company's  bottom  line. 

Customized  integration 

Sprint  lets  you  leverage  the  investment  you've  already  made  in  most  existing  systems  and  applications. 
But  when  you're  ready  to  move  to  new  technology,  we've  made  it  faster  and  more  affordable  by 
investing  in  interoperable  product  platforms.  (Our  network  boasts  seamless  interoperability  between 
IP,  Frame  Relay  and  ATM  platforms.)  And  using  existing  network  solutions  and  equipment  while  you 
adopt  new  technologies  can  drive  lower  capital  expenditures. 

More  value  at  a  price  that's  less  than  you  might  think  —  another  sign  of  an  intelligent  network  and  the 
people  who  make  it  work  (for  you). 


Find  out  how  to  create  more  value  with  invaluable  (but  free)  white  papers 
from  Sprint.  Visit  sprint. com/whitepapers/10  or  call  1-877-519-1708. 


Sprint 


Copyright  ©  Sprint  2002  All  rights  reserved. 


t 


Government  Outsourcing 


outsource 

CITY  HALL 

The  state  and  local  government  outsourcing  marketplace  was 
supposed  to  explode,  but  we’re  still  waiting  to  see  a  spark. 

It’s  time  to  devise  a  new  plan  to  revitalize  public  sector  IT. 

BY  TOM  FIELD 


Two  years  ago,  San  Diego  County  was  supposed  to  be  the 
proving  ground  for  wholesale  IT  outsourcing  of  local  and 
state  government  functions.  Its  seven-year,  $644  million 
pact  with  a  vendor  consortium  led  by  Computer  Sciences 
s  Corp.  (CSC)  was  said  to  be  the  first  wave  of  a  flood  of  new  public  sec- 

Li- 

|  tor  outsourcing  deals— all  of  them  aimed  at  making  government  faster, 
I  more  efficient,  more  e-businesslike  for  everyone.  As  the  deal  unfolded, 

CD 

|  government  CIOs  nationwide  had  one  eye  on  San  Diego  and  the  other 
|  on  their  own  preliminary  outsourcing  plans.  The  top  outsourcing  ven- 
1  dors,  fresh  from  Y2K,  promoted  the  state  and  local  government  mar- 


Reader  ROI 

Understand  why  state 
and  local  government 
IT  outsourcing 
is  a  bust 

Find  out  what  some 
governments  are  doing 
as  an  alternative  to 
wholesale  outsourcing 


www.cio.com  •  JUNE  15,  2002  CIO  67 


Government  Outsourcing 


ketplace  as  their  Next  Big  Thing  (see  “High 
Anxiety,”  at  www.cio.com/printlinks). 

But  today,  San  Diego  is  a  mess.  After  some 
initial  successes,  the  two  principal  executives 
who  struck  the  deal  have  moved  elsewhere 
(never  a  good  thing  in  an  outsourcing  rela¬ 
tionship).  The  new  day-to-day  managers  are 
embroiled  in  such  a  bitter  behind-the-scenes 
dispute  over  costs,  service  levels  and  a  late 
ERP  rollout  that  CSC  has  imposed  a  gag 
order  on  the  account,  for  fear  of  igniting  a 
public  war  of  words.  And  the  lucrative  state 
and  local  government  outsourcing  bonanza 
that  was  supposed  to  develop  right  after  San 


Diego’s  ink  dried  has  never  materialized. 

CIOs  who  remain  committed  to  out¬ 
sourcing — but  are  wary  of  following  San 
Diego’s  lead — are  trying  different  tacks,  such 
as  breaking  out  smaller  pieces  for  vendors. 
But  by  and  large,  across-the-board  outsourc¬ 
ing  of  state  and  local  government  has 
become  a  prospect  that  never  quite  got  off 
the  ground — and,  because  of  several 
intractable  hurdles,  it  probably  never  will. 

Even  Rock  Regan,  the  state  of  Con¬ 
necticut  CIO  who  has  long  been  the  poster 
boy  for  state  and  local  government  out¬ 
sourcing  (see  “Connecticut  Antes  Up,”  at 


CHICAGO:  A  Qualified  Approach 


The  Housing  Authority  wants  competitive  bids  for  short-term 
projects  only.  But  vetting  vendors  is  a  long-term  process. 


WALTER  SMITH,  CIO  OF  THE  CHICAGO  HOUSING  AUTHORITY,  WANTS  TO  TRY 
something  a  little  different.  Traditionally,  when  cities  (including  Chicago  in  the 
past)  outsource  technology,  they  issue  RFPs,  then  sign  a  multiyear  deal  with  a 
vendor  to  take  over  an  IT  process. 

But  Smith’s  new  approach  is  to  issue  RFQs— requests  for  qualifications— so  that 
he  can  develop  a  list  of  prequalified  vendors  for  any  IT  task  imaginable.  Then  he 
can  accept  competitive  bids  on  individual,  short-term  projects  such  as  PC  and 
network  upgrades.  “We're  looking  at  outsourcing  from  a  strategic  sourcing  per¬ 
spective,  rather  than  as  a  long-term  solution,”  Smith  says.  “We’ll  manage  the 
vendors,  but  we  won’t  hire  them  for  long-term  engagements." 

The  advantage  of  Smith’s  idea:  Rather  than  tie  up  city  money  to  have  vendors 
sitting  on  the  bench  while  between  projects,  he  pays  for  exactly  the  work  that  needs 
to  be  done,  when  it  needs  to  be  done.  Smith  says  this  move  will  result  in  an  addi¬ 
tional  cost  savings  of  10  percent  to  15  percent  during  the  next  three  to  five  years. 

The  challenge,  however,  is  doing  the  due  diligence  to  prequalify  vendors.  He’s  put 
together  a  cross-functional  team  from  his  legal,  finance,  IT  and  user  groups  to  study 
the  marketplace  and  certify  the  vendors.  But  it’s  become  an  ongoing  process— not  a 
one-time  deal— because  new  projects  and  new  vendors  keep  arising. 

In  the  first  18  months  of  his  administration,  Smith's  approach  has  worked  well 
enough  that  it’s  being  copied  by  other  Chicago  agencies  as  well  as  public  hous¬ 
ing  authorities  across  the  country.  And  if  the  vendor  community  doesn’t  like  the 
extra  level  of  competition  and  price-cutting  to  stay  in  contention,  that’s  just  too 
bad.  “If  they  want  to  do  business  with  the  authority,  then  they  have  to  compete 
with  other  vendors,”  Smith  says.  “With  the  market  the  way  it  is,  we  can  afford  to 
do  it  this  way.”  -T.F. 


www.cio.com/printlinks),  now  says  if  he 
had  the  chance  to  outsource  all  over  again, 
he’d  take  a  very  different  tack.  “Knowing 
what  I  know  now,  if  we  outsourced  we’d  do 
it  in  chunks — not  all  at  once,”  says  Regan, 
who  is  the  current  president  of  the  National 
Association  of  State  CIOs  (NASCIO).  As  he 
surveys  the  national  landscape,  Regan  sees 
little  new  outsourcing  activity  in  the  public 
sector.  He  attributes  part  of  the  stall  to  the 
recession.  But  mostly  he  cites  what  he  now 
sees  as  the  fatal  flaw  of  wholesale  outsourc¬ 
ing  in  local  government:  too  much,  too 
soon.  “Too  much  change,  too  much  poli¬ 
tics,  too  many  battles,”  he  says. 

Why  Can’t  We  All  Just  Get  Along? 

Outsourcing  is  a  proven  business 
strategy  in  the  private  sector,  so 
why  can’t  it  work  in  City  Hall? 
Part  of  the  problem,  says  Howard 
Lackow,  senior  vice  president  at  The 
Outsourcing  Institute  in  Jericho,  N.Y.,  is 
the  fundamental  disconnect  between  big 
business  (which  wants  to  move  fast)  and 
municipal  government  (which  traditionally 
moves  slow).  “Government  is  so  archaic 
and  cumbersome,”  Lackow  says.  “The 
whole  objective  [of  outsourcing]  is  to  try 
to  streamline  government,  but  that  doesn’t 
seem  to  happen.” 

Although  outsourcing  might  at  first  seem 
cost-effective  for  CIOs  and  lucrative  for  ven¬ 
dors,  once  projects  are  under  way  both  par¬ 
ties  find  themselves  spending  a  lot  more  time, 
money  and  energy  than  expected.  Just  ask 
CSC,  the  $10.5  billion  IT  services  provider 
based  in  El  Segundo,  Calif.,  whose  Pennant 
Alliance  consortium  has  already  exceeded  its 
projected  investments  in  San  Diego  County 
by  about  $10  million  and  300  extra  people. 
“Government  takes  a  lot  more  hand-hold¬ 
ing,  care  and  feeding  than  people  expect,” 
Lackow  says,  and  as  a  result  there  are  fewer 
clients  or  vendors  willing  to  take  the  risk. 

But  beyond  unforeseen  expenses,  which 
can  dog  any  IT  project,  public  sector  out¬ 
sourcing  poses  some  unique  challenges — any 
one  of  which  could  kill  a  deal. 

The  scope  of  work.  Frankly,  state  and 


68  CIO  JUNE  15,  2002  •  www.cio.com 


■  ¥.*  fd 


‘4 j-i*  •  f'i ' 

M  ;V:  V 


}*: f  1 

’  ■"*&*  •" 

•  '  t 


■ 


■J 


if  7.  V;  ; 


m 


■HMH 


m  i|  I#  i 

<f^P  ' 


1  -I 


h 


WiB 


WM 


Wmmm 

life'-.: 


■M 


WMl 


When  you  set  out  to  conquer  e-business  challenges,  success  or  failure  often  hinges 
on  your  technology  partner.  Consider  the  partner  that  4  out  of  5  FORTUNE  500 
companies  already  trust:  Sterling  Commerce.  With  a  25-year  track  record  of 
helping  businesses  successfully  improve  performance  and  operating  metrics, 
no  partner  is  more  dependable  or  more  knowledgeable. 


Integrating  existing  processes?  Developing  new  ones?  Building  entire  electronic 
trading  communities?  Look  to  us  for  dependable  software  and  services. 

It's  all  a  matter  of  confidence. 


sterling  commerce  B2B  done  dependably 


www.sterlingcommerce.com 


£2002  Sterling  Commerce,  Inc.  ALL  RIGHTS  RESERVED.  Sterling  Commerce  and  the  Sterling  Commerce  logo  are  trademarks  of  $t«'  ng  Comm* 
Sterling  Commerce  is  an  SBC  Communications  Inc.  company 


Government  Outsourcing 


local  government  IT  is  in  worse  shape  than 
one  might  think.  Because  IT  investments 
have  been  spotty  at  best  in  most  agencies, 
the  equipment  is  old,  the  networks  are 
patched  together,  and  the  information  silos 
are  unbreached.  It  being  the  public  sector, 
political  turf  is  fiercely  protected.  Even 
though  both  sides  in  the  San  Diego  contract 
did  their  due  diligence  before  inking  the 
pact,  the  county  never  really  knew  what  it 
had  for  IT  assets — much  less  what  shape 
they  were  in.  And  no  amount  of  homework 
prepared  CSC’s  Pennant  Alliance  for  the 
amount  of  work  that  needed  to  be  done  just 
to  get  the  county’s  creaky  infrastructure 
ready  for  upgrading.  “We  knew  the  triage 
work  was  going  to  be  complex  and  difficult, 
but  it  was  more  than  we  expected,”  says 
CSC’s  Richard  Jennings,  the  former  project 
manager  of  the  San  Diego  contract.  To  com¬ 
plicate  matters,  all  the  work  has  had  to  be 
done  while  maintaining  high  levels  of  pub¬ 
lic  service.  “We’re  changing  the  engine  in  a 
car  that’s  moving,”  Jennings  says. 

The  publicity.  Even  though  most  private 
sector  outsourcing  deals  are  conducted 
between  publicly  held  companies,  the  nego¬ 
tiations  are  still  held  in  private.  Not  so  in 
government,  where  every  bid  is  a  public  doc¬ 
ument.  The  government  executives  are  used 
to  this  transparency  (not  that  they  like  it), 
but  the  vendors  aren’t.  “It’s  a  turnoff,” 
Lackow  says.  “From  the  vendor’s  perspec¬ 
tive,  even  if  you  lose  the  contract,  suddenly 
your  pricing  structure  is  public.”  And  from 
the  CIO’s  perspective... well,  would  you 
want  all  your  dirty  data  aired  in  public? 

The  unions.  Organized  labor  is  rarely  a 
great  obstacle  in  industry  anymore,  but  in 
government  the  unions  are  still  powerful 
enough  to  kill  an  outsourcing  project.  That 
is  what  happened  in  Connecticut,  where 
from  day  one  CIO  Regan  was  outgunned 
by  two  employee  unions  that  controlled  his 
IT  staff  and  lobbied  hard  against  his  plans. 
Ultimately,  Regan  and  the  governor  were  the 
ones  who  made  the  final  call,  but  it’s  safe  to 
say  that  the  unions  had  the  last  laugh  after 
Regan  pulled  the  plug  on  his  outsourcing 
proposal  in  June  1999. 


CONNECTICUT:  Rebuilding  a 


When  outsourcing  failed,  state  CIO  Rock  Regan  brought 
the  outsourcing  model  in-house 


SINCE  THE  STATE  OF  CONNECTICUT  ABANDONED  ITS  OUTSOURCING  INITIA- 
tive  three  years  ago,  CIO  Rock  Regan  has  been  rebuilding  his  IT  organization— 
literally.  More  than  just  arranging  org  charts  and  skill  sets,  Regan  has  had  to 
replace  his  aging  headquarters,  which  was  actually  condemned  last  year  (see 
“Between  a  Rock  and  Hard  Place,”  at  www.cio.com/printlinks ). 

So  now  in  a  new  facility,  Regan  is  managing  a  new-look  IT  department— a  cen¬ 
tralized  group  that  manages  IT  across  all  65  of  the  state’s  different  agencies.  As 
opposed  to  the  old  decentralized  approach  in  which  the  state  basically  had  dozens 
of  different  IT  departments  at  odds  with  one  another  over  standards  and  purchas¬ 
ing,  today’s  central  IT  organization  deploys  a  standard  set  of  technologies  and 
services  to  its  agency  clients.  “We’ve  essentially  adopted  the  outsourcing  model, 
but  we've  become  the  outsourcer,”  Regan  says.  “We’ve  become  the  vendor.” 

So  far,  the  new  group  has  been  able  to  upgrade  infrastructure,  networks 
and  information  security  across  the  agencies,  as  well  as  initiate  some  new 
e-government  projects  and  a  new  statewide  ERP  rollout. 

The  results  appear  to  have  been  mixed.  A  2001  satisfaction  survey  by  the  state's 
Office  of  Policy  and  Management  found  that  72  percent  of  respondents  labeled  IT’s 
efforts  either  fair  or  poor,  with  only  28  percent  labeling  it  good  or  excellent.  But  the 
timing  of  that  survey  was  poor,  Regan  says,  because  it  fell  amid  the  IT  group’s 
relocation.  “The  biggest  issue  we  had  at  the  time  was  communication  [with  the 
agencies],”  he  says.  Since  then,  he  believes  relationships  with  the  agencies  have 
improved,  and  that  a  new  satisfaction  survey  would  show  better  results. 

But  no  matter  how  much  the  state's  IT  efforts  may  have  improved  in  a  year, 

Regan  still  wishes  traditional  outsourcing  had  proved  successful  in  Connecticut. 

Yet  he  also  accepts  the  reality  of  his  situation  and  limitations.  “We’re  trying  to  meet 
our  needs  through  other  means,”  he  says.  -T.F. 


Organized  labor  was  less  of  an  obstacle  in 
San  Diego,  where  fewer  IT  staffers  were 
union  members.  But  after  the  deal  was  done, 
the  union  kept  the  county  busy  with  requests 
for  sensitive  documents  and  even  audits. 
“We  want  them  to  do  an  internal  audit  [of 
the  outsourcing  initiative]  and  prove  they’re 
good  managers,”  says  Mary  Grillo,  execu¬ 
tive  director  of  the  local  2028  Service 
Employees  International  Union,  which  had 
50  members  in  county  IT  before  it  was  out¬ 
sourced.  “I  think  they’re  afraid  of  what 
they’re  going  to  find.”  Again,  government 
people  are  used  to  this  politicking,  but  the 
vendors  find  the  constant  tug-of-war  tax¬ 


ing.  “The  union  does  not  advocate  privati¬ 
zation  of  services,”  says  Jennings,  “so  they 
want  to  use  us  as  a  poster  child  for  ‘don’t 
outsource’  in  general.” 

San  Diego:  What  Went  Wrong? 

San  Diego  started  out  with  promise.  In 
the  first  1 8  months  of  the  outsourcing 
deal,  which  kicked  off  in  December 
1999,  the  Pennant  Alliance  replaced  nearly 
22,000  telephones,  installed  7,200  new 
desktop  PCs,  replaced  the  county’s  LAN  and 
WAN,  and  relocated  all  the  major  data  cen¬ 
ters.  Service  levels,  which  had  never  even 
been  measured  prior  to  outsourcing,  started 


70  CIO  JUNE  15,  2002  •  www.cio.com 


Quantum's  StorageCare™  Managed  Services  safeguard  valuable  corporate  data  by  using 
best-in-breed  technology,  industry  best  practices  and  proven  processes  to  remotely 
manage  all  backup  and  restore  functions  and  provide: 

•  Guaranteed  on-time  execution  and  monitoring  of  your  scheduled 
backups  on  a  7  x  24  x  365  basis 

•  Management  of  multi-vendor  environments  with  a  single  phone  call 

•  Restoration  of  lost  or  corrupt  data  quickly  and  accurately 

Quantum.  We  don't  sleep.  So  you  can! 

For  more  information  about  StorageCare  Managed  Services  and  to  RECEIVE  A 
FREE  DOWNLOADABLE  DATA  RECOVERY  PLANNING  EXCERPT  from  industry 
expert  John  Toigo's  renown  book.  Disaster  Recovery  Planning,  visit  us  on-line  or 
to  speak  to  a  StorageCare  Professional  today,  call  toll-free  800-677-6268,  select 
option  2. 

StorageCare  www.QuantumATL.com/ManagedServices 


Quantum 


Managed  Services 


Government  Outsourcing 


out  shaky  with  more  outages  and  dissatisfied 
customers  than  anyone  anticipated.  But  by 
last  August,  satisfaction  across  the  board 
ranged  from  95  percent  to  100  percent. 

Still,  despite  the  high  satisfaction  levels, 
there  were  some  major  screwups  in  the  first 
18  months,  the  biggest  being  Pennant’s  inabil¬ 
ity  to  get  all  county  employees  on  a  common 
e-mail  platform.  The  vendor  paid  a  $250,000 
penalty  for  that  failure — the  single  highest 
fine  it’s  faced  in  San  Diego,  so  far.  In  all, 
Pennant  shelled  out  between  $2.1  million  and 
$3.5  million  in  penalties  in  2000  (the  amount 
depends  on  which  side  you  ask)  mostly  for 
missed  service  levels,  but  nothing  in  2001. 


Then  two  things  happened  to  send  this 
already-rocky  relationship  into  a  spiral. 
First,  in  unrelated  moves,  the  two  principals 
in  the  deal,  county  CTO  Tom  Boardman 
and  CSC  Vice  President  Jennings,  were  reas¬ 
signed  in  early  2001.  Boardman  was  sent 
on  an  emergency  assignment  to  the  county 
district  attorney’s  office  to  fix  the  faulty  child 
support  system.  He  was  replaced  by  Lana 
Willingham,  a  30-year  county  official 
coaxed  out  of  retirement  to  temporarily 
manage  the  outsourcing  team.  Jennings, 
meanwhile,  was  promoted  to  other  regional 
accounts  and  replaced  by  one  of  his 
deputies,  Kristine  Buitenhek.  Typically, 


MINNEAPOLIS:  Once  More  into 


Can  this  city’s  outsourcing  plans  succeed  where  others  have 
failed ?  Budget  deficits  increase  the  odds. 


HE  KNOWS  THE  RISKS,  BUT  HE  STILL  WANTS  TO  GIVE  IT  A  SHOT.  KARL  KAISER, 
CIO  of  the  city  of  Minneapolis,  is  issuing  an  RFP  to  outsource  “the  break-and-fix 
business”— all  the  city’s  desktops,  networks,  help  desk  and  support  staff.  “I’ve 
decided  that  60  percent  of  my  money  and  management  go  into  that  break-and-fix 
business,”  Kaiser  says.  “I  want  to  refocus  on  becoming  an  information  services 
provider  rather  than  a  maintenance  organization.” 

He  has  the  same  compelling  argument  the  state  of  Connecticut  and  San  Diego 
County  used  to  promote  outsourcing:  that  a  single  vendor  could  beef  up  the  city’s  IT 
infrastructure  and  simultaneously  reduce  the  cost  of  doing  business  by  as  much  as 
$12.5  million  over  seven  years. 

But  Kaiser  also  faces  the  same  challenges  that  have  crippled  those  other  initia¬ 
tives— changing  the  way  government  does  business  and  selling  the  change  to 
powerful  labor  unions.  So  far,  Kaiser  has  persuaded  a  majority  of  the  City  Council  to 
at  least  support  his  outsourcing  RFP,  which  was  supposed  to  hit  the  streets  in  April. 
If  all  goes  as  planned,  Kaiser  hopes  to  return  to  the  council  with  a  winning  bid  and  a 
contract  proposal  in  July. 

The  Minnesota  Public  Employees  Association,  which  stands  to  lose  45  members 
(including  its  chapter  president)  through  outsourcing,  is  bracing  for  a  fight,  how¬ 
ever.  “They're  powerful— labor  does  have  a  strong  influence  on  who’s  elected,” 
Kaiser  says.  But  he  feels  his  business  case  for  outsourcing  is  even  more  powerful. 
“The  state  government  is  in  a  $2  billion  deficit  and  is  actually  trying  to  get  money 
back  from  the  cities,”  Kaiser  says.  “Our  timing  couldn’t  be  better.” 

But,  then,  Connecticut  and  San  Diego  County  felt  the  same  way.  And  today  they 
know  better.  -T.F. 


changes  at  the  top  mean  an  outsourcing  deal 
is  in  trouble,  but  at  the  time  these  moves 
seemed  innocuous.  Then  came  ERR 

ERP  was  to  be  the  highlight  of  year  two. 
By  January  2002,  CSC  was  scheduled  to 
have  rolled  out  two  county  wide  ERP  proj¬ 
ects — PeopleSoft  in  HR  and  payroll,  Oracle 
in  finance — and  then  the  county  could  start 
enjoying  the  information  efficiencies  that 
executives  had  promised  all  those  months 
ago.  But  the  project  was  taking  longer  than 
expected,  and  the  two  sides  had  become  tan¬ 
gled  in  scope  creep  and  disagreements  over 
contract  renegotiation.  The  result:  a  big  dip 
in  end  user  satisfaction  and  impatient  saber 
rattling  from  the  county — specifically  from 
Willingham,  a  hardline  negotiator  who  saw 
this  delay  as  a  clear  example  that  the  county 
wasn’t  getting  its  money’s  worth  from  CSC 
and  the  Pennant  Alliance.  “We  negotiated 
service-level  agreements  that  amount  to  us 
getting  a  Cadillac,”  Willingham  says,  “but 
we’re  actually  getting  a  Volkswagen.” 

Frustrated  by  the  vendors’  inability  to 
even  set  a  new,  firm  deadline  for  the  ERP 
rollout,  Willingham  withheld  $45  million 
in  payments  owed  to  CSC  until  the  proj¬ 
ect’s  completion.  Her  message  with  this 
shot  across  the  bow:  Pennant  should  do 
what  it  signed  on  to  do.  Now.  “In  govern¬ 
ment,  you  expect  everything  in  a  service 
agreement  to  be  provided,”  she  says.  “But 
in  the  private  sector  everything  seems  to  be 
subject  to  constant  rethinking.  They  must 
meet  all  the  agreements,  not  just  tell  us 
which  ones  we’ll  get.” 

CSC  executives,  sensitive  to  the  glass¬ 
house  effect  of  conducting  business  in  pub¬ 
lic,  won’t  discuss  the  ERP  flap,  confirming 
only  that  they’ve  slapped  a  gag  order  on  all 
principals  involved  in  the  account,  just  so 
no  one  will  say  anything  incendiary. 

What  next?  This  mess  could  get  messier. 
With  five  years  left  to  go  in  the  contract,  and 
with  finances  and  reputations  at  stake,  both 
sides  have  every  reason  to  want  this  mar¬ 
riage  to  work.  Neither  would  benefit  from 
the  publicity  or  political  fallout  of  an  out¬ 
right  failure.  But  they  also  have  termination 
clauses  they  can  invoke.  If  this  ERP  con- 


72  CIO  JUNE  15,  2002  •  www. cio.com 


Requires  additional  software  which  is  sold  separately.  Speak  to  your  authorized  Canon  dealer.  Canon  is  a  registered  trademark  and  IMAGERUNNER  and  Canon  Know  How  are  trademarks  of  Canon  Inc.  IMAGEANYWARE  is  a  service  mark  of  Canon  U.SA,  Inc  ©2002  Canon  U.S.A.,  Inc 


imageRUNNE  R™ 


Overnight 

Delivery 


mAr'1** 


j 


A  box  that  delivers  paper  documents  anywhere  overnight? 
Or  a  box  that  delivers  them  instantly  over  the  internet? 


The  Canon  imageRUNNER  with  document  distribution  technology. 

You  can  send  paper  documents  anywhere,  in  any  form,  at  anytime,  right  over  your  network  or  the  internet. 
Instantaneously.  Simply  scan  a  document  into  the  imageRUNNER  5000,  and  you  can  send  it  to  any  desktop, 
e-mail  address,  fax  machine,  database  or  file  server.  And  since  the  Canon  imageRUNNER  is  capable  of 
integrating  directly  with  your  existing  e-mail,  lanfax,  and  document  management  software,  you  can 
maximize  your  investment  in  these  systems*.  The  cost  and  hassle  of  overnight  delivery  are  finally  over. 
At  Canon,  we’re  giving  people  the  know-how  to  make  paper  documents  work  in  an  internet  world. 


SEND 

▼ 


e-mail 


desktop 


Call  1-866-25-CANON  or  visit  www.imagerunner.com 


Canon  KNOW  HOW 


Cisco  Systems 


Empowering  the 
Internet  Generation 


Voice  and  data  merge. 

Two  networks  become  one. 


SOLUTIONS  FOR  YOUR  NETWORK 


©2002  Cisco  Systems,  Inc.  All  rights  reserved.  Cisco,  Cisco  Systems,  the  Cisco  Systems  logo,  Empowering  the  Internet  Generation  and  Cisco  Powered  Network 
are  registered  trademarks  or  trademarks  of  "Cisco  Systems,  Inc,  . 


VPN/SECURITY 


IP  COMMUNICATIONS 


CONTENT  NETWORKING 


cisco.com/go/ipcommunications 


OPTICAL  NETWORKING 


STORAGE  NETWORKING 


WIRELESS  AND  MOBILE  OFFICE  + 


Isn't  it  time  you  combined  your  separate  networks  into  one  powerful  and 
integrated  enterprise  network?  With  Cisco  IP  Communications,  you'll  cut 
costs  and  discover  entirely  new  ways  to  compete  -  enabling  a  whole  new 
class  of  powerful  applications  never  before  conceivable  on  separate  networks. 


With  Cisco  AVVID  enterprise  architecture,  you  can  do  all  this  without  any  disruption. This  standardized  enterprise 
architecture  allows  you  to  seamlessly  integrate  voice,  video,  wireless,  and  data  applications  on  a  single,  scalable 


network.  This  includes  new  and  existing  technologies  alike.  Whether  you're  building  your  enterprise  network 
or  extending  it  with  Cisco  Powered  Network  services,  take  advantage  of  the  tools  below  to  get  it  done  right. 


r  IP  Phone  Demo 

Case  Studies 

Design  Guides 

Join  Discussion 

Cisco  Powered  Network 

Government  Outsourcing 


frontation  escalates,  then  local  government’s 
first  big  outsourcing  marriage  might  well 
become  its  first  big  divorce. 

Meanwhile,  there  have  been  more 
changes  at  the  top.  Willingham  slipped  back 
into  retirement  on  April  1,  to  be  replaced 
by  a  CTO-to-be-named-later  (Boardman  is 
staying  put  at  the  DA’s  office,  for  now).  But 
she’s  not  promising  to  stay  away  forever.  “I 
have  a  great  deal  of  loyalty  and  commitment 
to  the  county,”  Willingham  says.  “If  the  nec¬ 
essary  things  don’t  go  well  [with  this  deal], 
then  I  might  just  be  the  bad  penny  that  keeps 
showing  up.” 

Outsourcing  Alternatives 

So,  if  not  wholesale  outsourcing,  then 
what?  Some  municipalities  have  done 
very  well  without  outsourcing.  Phoe¬ 
nix,  for  example,  has  won  global  recogni¬ 
tion  for  its  efforts  to  create  a  wired,  Web- 
friendly  city  government — and  all  of  the  IT 
is  in-house.  The  differentiator,  though,  is 
that  Phoenix  recognized  the  importance  of 
IT  decades  ago,  and  city  leaders  have  con¬ 
sistently  invested  in  technology  projects  and 
staff.  “We’ve  never  had  to  spend  a  zillion 
dollars  to  catch  up,”  says  Danny  Murphy, 
CIO  of  the  city  of  Phoenix.  “Other  places 
that  haven’t  kept  up,  haven’t  invested,  are 
the  ones  that  are  backed  into  a  corner  and 
having  to  play  catch-up  now.” 

A  few  local  governments  have  found 
success  in  partial  outsourcing.  The 
Commonwealth  of  Pennsylvania,  for  one, 
has  successfully  outsourced  its  data  pro¬ 
cessing  functions.  The  Georgia  Technology 
Authority  (GTA),  the  state’s  IT  agency,  is 
circulating  an  RFP  to  outsource  its  telecom¬ 
munications  infrastructure  and  services. 
But  because  IT  outsourcing  is  so  new  to 
Georgia,  in  mid-March  the  state  legislature 

cio.com _ 

TALK  BACK:  Is  large-scale  outsourcing 
unworkable  in  the  public  sector? 

Go  to  the  WEB  CONNECTIONS  BOX 

at  www.cio.com,  click  and  let  us  know 
how  you  feel. 


introduced  a  bill  to  appoint  a  new  GTA 
overview  committee  to  keep  a  close  eye  on 
these  developments.  Was  that  shades  of 
conflicts  to  come? 

Some  public  sector  organizations  have 
devised  their  own  unique  twists  on  out¬ 
sourcing.  In  Chicago,  the  Public  Housing 
Authority  now  outsources  discrete  projects, 
not  processes,  to  prequalified  bidders  (see 
“Chicago:  A  Qualified  Approach  to  Out¬ 
sourcing,”  Page  68).  And  in  Connecticut, 
where  wholesale  outsourcing  was  rejected, 
CIO  Regan  is  leading  an  IT  transformation 
that’s  making  his  IT  organization  look  and 
act  increasingly  like  an  outsourcing  vendor. 
Regan  has  centralized  IT  across  all  65  state 
agencies  (see  “Connecticut:  Rebuilding  a 
Dynasty  or  a  Dinosaur?”  Page  70). 

Clearly,  for  those  state  and  local  govern¬ 
ments  that  haven’t  yet  embarked  on  whole¬ 
sale  outsourcing  initiatives,  there  are  alter¬ 
natives.  But  a  caveat  for  those  who  might 
ignore  the  warnings  and  explore  further 
down  the  privatization  path:  Once  you  go 
all  the  way,  there  might  be  no  turning  back. 
That  is  the  situation  in  San  Diego.  As  messy 
as  the  relationship  has  become,  the  county 
is  stuck  now  that  it  has  outsourced  so  many 
people  and  services.  The  county  will  not  buy 
back  the  IT  assets  it  sold  to  Pennant  or  hire 
back  all  234  outsourced  employees  (who 
now  are  accustomed  to  better  salaries  and 
benefits)  because  it  can’t  maintain  all  the 
new  service  levels  and  strategies.  “It’d  be 
impossible,”  concedes  San  Diego’s  Board- 
man.  “There’s  no  way  a  government  organ¬ 
ization  such  as  ours  can  supply  the  same 
level  of  service  as  an  IT  vendor.” 

To  his  credit,  Boardman  still  thinks  the 
San  Diego  and  Pennant  relationship  can  be 
salvaged.  But  even  if  he’s  proved  wrong, 
“there’s  no  turning  back  for  us,”  he  says. 
“We’re  going  to  outsource  forever.” 

For  better  or  for  worse.  HH 


Do  you  disagree?  Can  outsourcing  work  at  the  state 
and  local  government  level?  Share  your  thoughts 
with  Leadership  and  Management  Editor  Ed  Prewitt 
at  eprewitt@cio.com.  Tom  Field  is  director  of  con¬ 
tent  development  at  CXO  Media  Custom  Publishing. 


IP  TELEPHONY 
SERVICES 

from 

service  providers 
that  use  Cisco 
equipment  in  their 
networks. 


Powered  Network 

If  you're  considering  a  service 
provider  to  extend  your 
network,  look  for  the  Cisco 
Powered  Network  logo. 

It's  your  assurance  that  a 
provider  delivers  its  service 
over  an  end-to-end  Cisco 
network  and  demonstrates 
the  highest  standards  of 
operational  excellence,  cus¬ 
tomer  service,  and  support. 


TO  DOWNLOAD  THE 
FREE  WHITE  PAPER, 
“STRATEGIES  FOR  MANAGED 
NETWORK  SERVICES" 


visit 


cisco.com/go/cpn-telephony 


Cisco  Systems 


® 


Empowering  the 
Internet  Generation 


©2002  Cisco  Systems.  Inc.  All  rights  reserved.  Cisco.  Cisco 
Systems,  Empowering  the  Internet  Generation,  and  the 
Cisco  Systems  logo  are  registered  trademarks  and  the 
Cisco  Arrow  logo  is  a  trademark  of  Cisco  Systems.  Inc. 
and/or  its  affiliates  in  the  U  S  and  certain  other  countries. 


mm 


1 


nia 


:■  ‘ 


it 


%m 


■m 


DYNAMIC  DUO:  Both  Richard  Clarke  (right)  and 
Howard  Schmidt  look  for  nonpartisan  support 
from  the  U.S.  Congress  to  help  companies  protect 
against  everything  from  website  defacements  to 
information  warfare. 


-i R I S  HARTLOVE 


CJ 

>- 

CD 

T. 

CL 

< 

tr 

o 


i 

Q- 


FOR  A  SAFER  INFRASTRUCTURE 

Richard  Clarke,  President  Bush’s  top  cybersecurity 
adviser,  and  his  second-in-command, 

Howard  Schmidt,  are  coordinating  a  volunteer  effort 
to  protect  the  nation’s  critical  infrastructure. 

Can  they  convince  corporate  America  to  take  part? 

BY  SARAH  D.  SCALET 


It's  a  quarter  to  noon  on  a  muggy  Thursday  in  the 
nation’s  capital,  and  Richard  Clarke  is  offering  milk 
and  cookies  to  visitors  on  the  10th  floor  of  the  old 
Secret  Service  building,  two  blocks  west  of  the 
White  House.  There's  a  simple  reason  for  his  snack 
choice.  Earlier  in  the  morning,  Clarke  (whom  head¬ 
line  writers  like  to  call  President  Bush’s  cybersecu¬ 
rity  czar)  hosted  an  event  for  schoolchildren  about 
staying  safe  online— this  decade's  version  of  just 
saying  no  to  drugs.  Even  so,  leftover  sandwich 
cookies  seem  an  appropriate  offering  from  a  man 
whose  job  is  to  persuade  bureaucrats,  business- 
people  and  technology  vendors  to  do  two  things 
they  might  not  have  thought  about  since  kinder¬ 
garten:  share  and  cooperate. 

It’s  a  lofty  goal— to  get  executives  not  only  to  tell 


the  federal  government  about  attacks  on  their 
computer  networks  but  to  work  with  competitors 
to  protect  the  country  from  all  manner  of  elec¬ 
tronic  threats,  from  website  defacements  to  infor¬ 
mation  warfare.  But  that’s  why  President  Bush 
recruited  Clarke  last  October  as  chairman  of  the 
newly  created  Critical  Infrastructure  Protection 
Board,  now  part  of  the  Office  of  Homeland  De¬ 
fense.  And  it’s  why  in  February,  Clarke  got  Howard 
Schmidt,  then  chief  security  officer  of  Microsoft,  to 
become  vice  chairman  of  the  board. 

Despite  the  duo’s  high  profile,  it  wouldn’t  take  a 
pessimist  to  call  theirs  an  impossible  task.  Thus  far, 
their  work  has  had  a  dogged  Washington  flair— hold 
meetings,  issue  reports,  beg  Congress  for  attention 
and  most  important,  recruit  volunteers.  One  way  to 


www.cio.com  •  JUNE  15,  2002  CIO  77 


Security  Q&A 


improve  critical  infrastructure  protection 
would  be  for  Clarke  and  Schmidt  to  advo¬ 
cate  legislation  that  would  give  them  a  ham¬ 
mer  to  force  companies  to  work  with  the 
government  and  report  information  about 
attacks.  But  the  two  have  been  staunch 
opponents  of  such  legislation.  “We  don’t 
want  to  regulate  because  we  don’t  think  we 
do  it  very  well,”  says  Clarke,  age  51,  who 
made  his  name  as  President  Clinton’s  coun¬ 
terterrorism  adviser  for  most  of  the  1990s 
and  is  the  political  counterweight  to  Schmidt, 
age  52,  whose  sympathies  lie  more  with  the 
private  sector  and  vendor  community.  The 
process  of  improving  security  “works  better 
if  people  think  they’re  doing  it  in  their  own 
best  interest,”  Clarke  says. 

To  hear  Clarke  and  Schmidt  tell  it,  people 
are  joining  the  fight  in  their  own  best  inter¬ 
est,  and  any  perceived  reluctance  on  the  part 
of  corporate  America  is  merely  a  marketing 
problem.  The  duo  make  themselves  out  to 
be  patriots  as  well  as  consummate  political 
insiders — Schmidt  with  the  obligatory  Ameri¬ 
can  flag  pin  on  the  lapel  of  a  jacket  draped 


houses  didn’t  have  locks,  would  you  hire 
more  police  or  buy  more  locks?  Criminal 
justice  plays  a  very  important  role  here,  espe¬ 
cially  in  terms  of  deterrence.  We  have  to 
arrest  people  and  prosecute  them  in  order 
to  deter  others.  But  fundamentally,  cyber¬ 
space  security  is  about  buying  and  using 
door  locks. 

Howard  Schmidt:  Imagine  there’s  a  failure 
of  a  locking  assembly,  which  results  in  a 
break-in,  which  results  in  a  report  to  a  law 


public.]  Why  is  the  exemption  so  important? 
Clarke:  The  Nimda  virus  last  November  was 
a  major  attack  that  caused  billions  of  dollars 
worth  of  losses  in  the  private  sector,  yet  not 
one  company  called  us  up  to  tell  us  they  had 
been  attacked  because  they  wanted  to  be  able 
to  keep  it  secret.  They  don’t  want  customers 
and  stockholders  to  lose  confidence.  We 
understand  that.  But  as  a  result,  we  have  an 
inadequate  perception  of  what’s  going  on  in 
the  American  information  infrastructure. 

Sen.  Robert  Bennett  [R-Utah]  probably 
puts  it  best  when  he  says,  Imagine  you  are 
a  commander  in  charge  of  a  battlefield,  and 
you  could  only  see  or  know  15  percent  of 
what  was  going  on  in  that  battlefield.  How 
would  you  defend  yourself?  Well,  if  you 
look  at  our  critical  infrastructure,  about  85 
percent  of  it  is  in  the  private  sector,  and 
unless  we  can  have  some  knowledge  as  to 
what’s  going  on  there — like  attacks,  viruses, 
worms,  denial-of-service  attacks — then  we’ll 
never  be  able  to  help  defend  it.  Only  by  get¬ 
ting  a  Freedom  of  Information  Act  exemp¬ 
tion,  narrowly  written,  will  we  ever  be  able 


If  you  discovered  break-ins  in  your  town 

but  most  of  the  houses  didn’t  have  locks, 
would  you  hire  more  police  or  buy  more  locks? 

-Richard  Clarke 


over  his  chair,  Clarke  sipping  from  a  blue  and 
gold  coffee  mug  from  the  White  House 
Situation  Room.  But  as  much  as  anything, 
they  are  the  chief  publicists  of  a  vision  for 
improved  cybersecurity  around  the  world. 
CIO  caught  up  with  them  for  an  interview 
about  how  far  critical  infrastructure  protec¬ 
tion  has — and  hasn’t — come  since  Sept.  1 1 , 
and  how  they’re  trying  to  coax  corporate  and 
vendor  leaders  into  playing  a  greater  role. 

CIO:  A  recent  survey  shows  fewer  compa¬ 
nies  reporting  cybercrimes  than  a  year  ago. 
Does  that  affect  your  mission? 

Richard  Clarke:  We  don’t  think  about  [criti¬ 
cal  infrastructure  protection]  primarily  as  a 
criminal  justice  problem.  If  you  discovered 
break-ins  in  your  town  but  most  of  the 


enforcement  agency,  which  results  in  an  inves¬ 
tigation.  You  could  have  one  track  from  that 
investigation  directed  toward  the  criminal  jus¬ 
tice  system;  the  other  track  goes  to  [us,  and 
we  ask],  “How  could  this  have  been  pre¬ 
vented?”  We  have  a  constant  feedback  loop, 
which  means  eventually  we  have  better  secu¬ 
rity  on  the  front  end  and  the  law  enforcement 
authorities  have  less  to  investigate. 

You’ve  said  that  the  Freedom  of  Information 
Act  [FOIA]  exemption  is  the  single  most 
important  policy  change  to  improve  infor¬ 
mation  security.  [Note:  This  controversial 
exemption— debated  in  Congress  and  advo¬ 
cated  by  many  CIOs— would  ensure  informa¬ 
tion  given  to  the  the  federal  government 
about  computer  attacks  would  not  be  made 


to  persuade  companies  that  they  can  trust 
us,  the  government,  with  information  about 
vulnerabilities  or  about  hacks. 

I’ve  heard  you  aren’t  so  sure  the  exemption 
is  necessary;  it’s  more  that  businesses 
think  it’s  necessary.  Are  you  offering  it  to 
corporate  America  as  sort  of  a  contract: 
Trust  us,  and  we’ll  help  you  out? 

Clarke:  No,  not  really.  We’ve  looked  at  the 
legal  question:  Are  there  already  adequate 
provisions  in  the  law  that  would  exempt  this 
kind  of  information  from  a  Freedom  of 
Information  Act  request?  Our  lawyers  say 
the  law,  as  currently  written,  would  allow 
us  to  protect  that  information.  But  that 
doesn’t  persuade  companies  to  give  us  the 
information.  Their  lawyers  believe  they  need 


78  CIO  JUNE  15,  2002  •  www.cio.com 


Meet  Benjamin.  Internet  Dependent 

Independent  Filmmaker. 


And  the  inspiratich  behind  cost-effective 


connectivity  environments. 


The  competitive  world  of  independent  filmmaking  isn't 
for  the  fainthearted.  It's  for  strong-willed  directors  such 
as  Benjamin,  who  seize  opportunity  with  an  iron  grip.  That's 
why  he  found  a  way  to  work  with  his  production  partners 
quickly  and  efficiently  to  get  his films  .ijqthe  can  and  out  to  the 
world.  With  the  help  of  the  Nortel  Networks™  Business 
Communications  Manager  (BCM),  Benjamin  implemented  an 
integrated  communications  system  that  lets  him  adopt 
IP-based  solutions  at  his  own  pace.  It  also  means  he  and 
his  highly  mobile  production  partners  have  instant  and 
secure  access  to  everything  from  location  photos  to  streaming 

video  of  his  latest  project. 


#1  market  share  for 

Plus,  the  consolidation  of  a 

Converged  IP  Solutions* 


communications  structure 
with  a  single,  easily  managed  system  saves  him  20%  of  the 
cost  of  buying  and  maintaining  separate  equipment.  Which 
means  he  saves  time  and  money  so  he  can  concentrate  on 
producing  the  kinds  of  films  that  just  may  have  him 
rehearsing  an  acceptance  speech.  It's  just  one  more  way 
Nortel  Networks  is  making  the  Internet  what  you  need  it  to  be. 
To  learn  moTe,  visit  nortelnetworks.com/connectivity. 


Nortel  Networks,  the  Nortel  Networks  logo  and  the  Globemark  are  trademarks  of 
Nortel  Networks.  ©2002  Nortel  Networks.  All  rights  reserved.  "IP-PBX  Q4  2001  market 
share  report,  "InfoTrack  for  Enterprise,”  published  by  InfoTech. 


Metro  &  Enterprise  Networks  Optical  Long  Haul  Networks  Wireless  Networks 


N0RTEL 

NETWORKS 


nortelnetworks.com 


Security  Q&A 


additional  protection;  therefore  we  need  to 
get  additional  protection. 

If  the  law  passes,  will  there  be  an  onslaught 
of  people  reporting  information  to  you? 

Schmidt:  It’s  hard  to  tell.  We  think  we’ll  have 
some  companies  come  forth  right  away.  In 
other  cases,  there’ll  still  be  some  hesitation, 
some  guarded  discussions.  I’m  sure  there’ll 
be  a  little  bit  of  giving  of  information,  see¬ 
ing  how  that  plays  out.  I  don’t  think  it’s 
going  to  suddenly  open  the  floodgates. 

One  line  in  the  executive  order  creating  the 
Critical  Infrastructure  Protection  Board 
says,  “Implementation  of  this  policy  shall 
include  a  voluntary  public-private  partner¬ 
ship,  involving  corporate  and  nongovern¬ 
mental  organizations."  So  in  a  way,  your  job 
is  to  force  people  to  volunteer.  How? 

Clarke:  The  Partnership  for  Critical  Infra¬ 
structure  Security  [PCIS]  was  formed  two 
years  ago.  We’ve  had  six  or  seven  industry 
groups  form  Information  Sharing  and 
Assessment  Centers  [ISACs]  before  9/11.  So 
x  I’m  not  concerned  that  people  won’t  co¬ 
operate.  But  this  is  more  than  just  patriotism. 
It’s  economic  self-preservation.  Many  compa¬ 
nies  participating  in  this  partnership  on  a  vol¬ 
untary  basis  realize  that  they’re  doing  it 
because  they  can  only  grow  if  IT  grows,  if  IT 
is  secure.  For  us  really  to  go  to  the  next  stage 
of  IT  in  the  workplace — IT  in  the  home — we 
really  need  to  increase  consumer  confidence. 

Schmidt:  When  the  PCIS  was  formed,  I 
was  in  the  private  sector,  and  [security]  was 
not  an  issue  in  many  companies.  You  worried 
about  earnings  per  share,  shareholder  value 
and  so  on.  Dick  [Clarke],  John  Tritak  [direc¬ 
tor  of  the  Commerce  Department’s  Critical 
Infrastructure  Assurance  Office]  and  the  folks 
in  the  government  at  that  time  provided  a 
forum  for  us  to  become  more  aware  of  the 
government’s  interest  in  the  area  of  critical 

cio.com _ 

Read  more  about  this  topic  in  our 

SECURITY  RESEARCH  CENTER  at 

www.cio.com/security. 


infrastructure  protection.  It  was  natural  to 
pull  everybody  in  and  say,  “Listen,  this  is 
important  to  the  president.  We  want  you  to 
help  us.”  Who  would  not  want  to  answer 
that  call?  You’ll  see  the  momentum  that 
we’ve  got  today,  where  people  are  literally 
calling  up  and  saying,  “What  can  we  do?”  It’s 
based  on  the  trust  that  was  developed  by  the 
government  initially  reaching  out  to  compa¬ 
nies  saying,  “We’re  not  here  to  regulate  you 
or  ruin  your  business  model.  We  want  what’s 
good  for  the  country,  for  all  of  us.” 

It  sounds  like  you’re  talking  about  this  vol- 
unteerism  as  a  substitute  for  regulation. 

Clarke:  We  don’t  want  to  regulate  because 
we  don’t  think  we  do  it  very  well.  We’d  like 
voluntary  cooperation,  voluntary  adoption 
of  best  practices,  voluntary  sharing  of  infor¬ 
mation,  because  it  works  better  if  people 
think  they’re  doing  it  in  their  own  best  inter¬ 
est,  rather  than  if  they  think  they’re  doing  it 
because  they  have  to. 

It’s  a  marketing  job  as  much  as  anything? 

Clarke:  About  half  our  job  is  marketing. 

What’s  the  other  half? 

[They  both  laugh.]  Clarke:  A  lot  of  what  we 
do  is  make  priorities — budgetary,  legislative, 
priorities  in  terms  of  what  parts  of  the  infra¬ 
structure  we  work  with  the  most.  What  are 
the  most  important  things  to  fix?  Imagine 
the  intersection  of  where  the  vulnerabilities 
are  highest  and  where  the  effect  of  failure  is 
the  highest.  That’s  what  we’re  trying  to  find. 

If  you  look  at  the  state  of  critical  infrastruc¬ 
ture  on  Sept.  10  versus  now,  have  there 
been  measurable  improvements? 

Clarke:  The  federal  government  is  getting 
more  secure  in  its  cyberspace  networks.  The 
budget  the  president  sent  to  Congress  in 
February  asks  for  a  64  percent  increase  in 
funding  to  defend  federal  departments  and 
agencies — that’s  more  than  8  percent  of  the 
federal  IT  budget  spent  on  IT  security.  We’re 
trying  to  do  two  things  with  that  [funding 
increase].  Obviously  we’re  trying  to  fix  very 
serious  problems  that  the  federal  depart¬ 


80  CIO  JUNE  15,  2002  •  www.cio.com 


ments  have.  And  two,  we’re  trying  to  set  a 
model  for  the  private  sector — for  members 
of  corporate  boards  of  directors,  for  CEOs, 
saying,  “Gee,  the  federal  government  is 
spending  8  percent  of  its  IT  budget  on  IT 
security.  What  are  we  doing  at  our  com¬ 
pany?”  Unfortunately,  most  companies  are 
not  going  to  be  able  to  say  that  they’re  spend¬ 
ing  anywhere  near  8  percent  on  security. 

You  like  to  quote  a  report  that  most  compa¬ 
nies  spend  more  on  coffee  than  on  security. 
Is  8  percent  for  catch-up?  Is  it  enough? 

Clarke:  It’s  catch-up  for  the  federal  govern¬ 
ment,  and  it  won’t  be  enough  if  we  don’t 
sustain  it  at  that  level  or  perhaps  even 
slightly  higher  over  several  years.  There’s  no 
good  figure  that  is  appropriate  for  every 
company  or  every  institution.  That’s  why 
we’re  not  saying  8  percent  is  the  target. 

Are  you  advocating  any  kind  of  tax  benefits 
for  spending  on  security? 

Clarke:  No,  I  think  there’s  enough  benefit 
inherent  for  spending  on  security  that  we 
don’t  need  to  give  people  a  tax  break.  The 
benefit  comes  from  being  secure.  It’s  more 
expensive  in  the  long  run  to  be  insecure. 

Don’t  you  think  that’s  a  hard  sell  to  CFOs? 

Schmidt:  Not  at  all.  When  the  Melissa  virus 
hit  at  one  company  that  I  have  some  very 
great  insight  into,  it  took  about  $14  million 
dollars  to  bring  that  whole  system  up  online 
after  10  days.  When  the  Anna  Kornikova 
virus  hit  the  same  company,  they  were  able 
to  contain  it  within  30  minutes  with  better 
processes,  and  that  30  minutes  translated  into 
about  $12,000  worth  of  effort- — quite  a  dif¬ 
ference.  CFOs  are  saying,  “It’s  going  to  cost 
me  just  like  anything  else  to  do  some  risk 
management  on  the  front  end,  but  in  the  long 
term  I’m  going  to  be  much  more  able  to  save 
money  and  reduce  total  cost  of  ownership.” 

Are  you  saying  that  viruses  and  worms 
actually  helped  as  far  as  demonstrating 
that  ROI? 

Clarke:  I  think  that  there’s  a  silver  lining  to 
some  of  these  viruses  and  worms,  because 


The 


WHY  TRU 

DATA  BACKUP  AND  RECOVE 

ANYONE  BUT  1 


re  com 


»■'  .3  j^'°or 


•  ?!§ 


C.  O  M P  fcTIT  fO  N  N/^fi'TAS 

veritas.com 


VERITAS* 


@2002  VERITAS  Software  Corporation.  All  rights  reserved.  VERITAS  and  the  VERITAS  logo  are  trademarks  or  registered  trademarks  of 
VERITAS  Software  Corporation.  All  other  trademarks  are  the  property  of  their  respective  owners. 


Security  Q&A 


you  know  when  you  get  hit.  People  are  pen¬ 
etrating  networks,  doing  espionage,  and  we 
don’t  know  it  because  they’re  successful. 
They’re  not  leaving  traces.  It’s  helpful  when 
we  have  major  viruses  and  worms  and  denial- 
of-service  attacks  because  they’re  noisy  and 
they  leave  fingerprints,  and  we  know  it’s  out 
there.  People  are  then  motivated  to  fix  it. 

How  can  you  convince  vendors  to  create 
more  secure  products? 

Clarke:  The  vendors  tell  us,  “We  could  cre¬ 
ate  more  secure  products,  but  no  one  wants 
them.”  Then  we  talk  to  the  procurement  peo¬ 
ple — in  banking,  finance,  energy,  govern¬ 
ment — and  say,  “Do  you  want  more  secure 
products?”  And  they  say,  “Yes!  But  the  ven¬ 
dors  won’t  make  them.”  It’s  what  I  call  a 
“dialogue  of  the  deaf.”  We  try  to  bridge  it  by 
taking  the  critical  infrastructure  procurement 
people  and  the  vendors  by  the  hand  and  say¬ 
ing,  “Vendors,  could  you  make  a  more  secure 
product?” — “Critical  infrastructure  compa¬ 
nies,  do  you  want  a  more  secure  product?” — 


“Now,  can  both  agree  that  we’re  going  to 
have  more  secure  products?”  There’s  actu¬ 
ally  a  real  role  for  us  to  bring  people  together 
to  have  dialogues  that  you  would  think  nat¬ 
urally  occur  but  don’t. 

We  also  have  a  sort  of  honeybee  role 
where  we  fly  around  flower  to  flower  pro¬ 
liferating  the  message  and  sharing  informa¬ 
tion.  We’re  able  to  learn  what  products  are 
out  there.  We  don’t  recommend  certain 
brands,  but  we  do  recommend  certain  kinds 
of  services. 

What’s  the  administration’s  position  on 
holding  vendors  accountable  for  products 
that  aren’t  secure?  And  liability  for  prod¬ 
ucts  that  aren’t  secure? 

Clarke:  I  think  they’re  two  separate  issues. 


One  is  holding  vendors  accountable,  one  is 
doing  [something  about]  it  in  court.  We’re  in 
favor  of  holding  vendors  accountable.  When 
a  product  fails,  the  vendor  has  a  responsibility 
to  quickly  identify  a  way  of  fixing  it  and  get¬ 
ting  that  patch  out,  and  the  patch  not  only 
should  fix  the  problem,  it  should  not  inter¬ 
act  badly  with  other  widely  utilized  applica¬ 
tions.  But  we  don’t  think  it’s  terribly  valuable 
to  litigate  such  problems.  We’d  like  to  try  to 


find  solutions  that  are  quicker  than  long,  mul¬ 
tiyear  litigation. 

We  spend  a  lot  of  time  worrying  about 
patches,  but  we  don’t  want  to  just  put  band¬ 
ages  on  the  current  generation  of  systems.  We 
want  to  think  about  what  the  next  generation 
of  systems  should  look  like. 

What  would  be  the  signs  that  things  were 
getting  better? 

Clarke:  It’s  mostly  anecdotal.  You  can  look 
at  the  number  of  computer  incidents;  you 
can  look  at  the  dollar  value  of  damage  done 
by  such  incidents.  Unfortunately  the  num¬ 
bers  are  skyrocketing.  That  doesn’t  mean 
we’re  not  making  progress.  If  you  look  at 
traditional  measures  of  effectiveness — the 
number  of  incidents  and  how  bad  they  are — 


it  would  tell  you  we’re  getting  worse.  The 
number  of  people  and  functions  connected 
to  the  Internet  is  going  up,  and  the  sophisti¬ 
cation  of  the  attack  tools  is  increasing.  At  the 
same  time,  we  are  getting  the  awareness 
message  out,  getting  more  CEOs  to  care, 
getting  spending  in  security  in  the  public  and 
private  sectors,  getting  the  hardware  and 
software  manufacturers  to  develop  more 
secure  systems. 

Then  there’s  the  unknown  unknown. 
Have  our  enemies  already  penetrated  our 
critical  infrastructure  successfully  and  we 
don’t  know  it?  Or  are  they  in  a  position 
where,  if  there  is  a  big  conflict  between  us 
and  them,  they  are  already  in  a  position  to 
disable  our  critical  infrastructure? 

Who’s  the  “them”? 

Clarke:  We’ve  stopped  asking  that  question. 
Before  Sept.  11,  people  tended  to  think  in 
terms  of  a  threat  paradigm:  Who’s  the  them, 
and  when  are  they  going  to  do  it?  They 
waited  for  that  information  before  they  acted. 
So,  tell  me  the  name  of  the  terrorist  group, 
what  airplane  they’re  going  to  hijack,  what 
city  they’re  going  to  attack.  Tell  me  when  it’s 
going  to  occur,  and  then  I’ll  do  something  to 
prevent  it.  We  learned  you  don’t  always  get 
the  information — the  attack  just  occurs. 

So  we’re  advocating  instead  a  vulnerabil¬ 
ity  paradigm  that  says,  Don’t  worry  about 
who’s  going  to  do  it.  Don’t  worry  about 
when  it’s  going  to  occur.  Ask  yourself  what 
your  vulnerabilities  are.  And  then  find  that 
intersection  between  the  things  that  are  the 
most  vulnerable  and  the  things  that  would 
be  the  most  damaging.  It’s  a  shift  from  who’s 
going  to  do  it,  when  and  where,  to  where  are 
my  weaknesses,  and  what  are  the  most 
important  weaknesses  that  I  have? 

People  who  are  not  now  actively  our 
enemy  may  be  actively  our  enemy  three 
years  from  now,  five  years  from  now.  If  all 
we  do  is  collect  intelligence  about  people  we 
think  are  our  enemies,  we  may  miss  what  we 
should  be  doing.  WB1 


Sarah  D.  Scalet,  security  editor  and  senior  writer 
for  CIO,  can  be  reached  at  sscalet@cio.com. 


We’re  not  here  to  ruin  your 

business  model.  We  want 
what’s  good  for  all  of  us. 

"Howard  Schmidt 


82  CIO  JUNE  15,  2002  •  www.cio.com 


—itrr  f  t  jr 


jf  4*.  •-.»  •*,*«  v- 


QKE 

Custom  Publishing 
Advertising  Supplement 


THE  SECURITY 


Creating  a  Culture  of  Security 

PEOPLE,  NOT  FIREWALLS,  ARE  YOUR  CIO  or  Chief  Security  Officer.  But  senior  manage- 

COMPANY’S  FIRST  LINE  OF  DEFENSE  ment  —  whoever  has  the  authority  to  administer 

recognition  and  rewards  —  must  promote  the 


Theres  nothing  that  gets  people’s 
attention  like  handing  them  a  crisp 
$100  bill. 

That’s  how  William  Hugh  Murray 
remembers  a  colleague  rewarding  an  employee 
who  followed  the  corporate  security  policy  and 
challenged  Murray’s  friend  for  strolling  around  the 
building  without  his  required  security  badge. 
“People  start  asking  other  people  about  their 
badges,  and  the  wearing  of  badges  gets  good  really 
quick,”  chuckles  Murray,  a  Certified  Information 
Systems  Security  Professional  (CISSP),  consultant 
with  TruSecure  Corp.  in  Herndon,  Va.,  and 
Corporate  Secretary  of  (ISC)2,  the  International 
Information  Systems  Security  Certification 
Consortium,  a  non-profit  security  training  and 
standards  organization  based  in  Framingham,  Mass. 

That’s  an  example  of  the  kind  of  creative,  consis¬ 
tent  reinforcement  necessary  to  forge  a  culture  of 
security  —  a  work  environment  in  which  employ¬ 
ees  at  all  levels  understand  and  commit  to  the 
need  to  protect  the  enterprise  not  just  from  phys¬ 
ical  security  breaches,  but  also  virtual  intrusions 
from  hackers  or  viruses.  More  than  just  a  cost  of 
doing  business  in  the  post-9/ 1  I  world,  creating  a 
culture  of  security  can  actually  boost  productivity 
and  profits  by  reducing  downtime  and  system  out¬ 
ages,  says  Hal  Tipton,  CISSP  and  former  president 
of  (ISC)2. 

But  to  achieve  these  business  benefits,  senior 
executives  must  foster  awareness  of  security  risks 
through  education,  training  and  consistent 
enforcement  of  proper  policies.  Everyone  from 
the  CEO  to  the  accounts  payable  clerk  must 
commit  to  following  proper  security  practices. 

DEFINING  YOUR  CULTURE 
Creating  a  culture  of  security  is  no  different  than 
creating  a  “culture  of  quality”  or  a  “culture  of  cus¬ 
tomer  service.”  The  initiative  can  come  from  any¬ 
where  in  the  organization  —  in  this  case,  likely  the 


change  by  consistently  communicating  the  busi¬ 
ness  implications  of  security,  and  enforcing  securi¬ 
ty  policies.  At  each  step  in  the  management  hier¬ 
archy,  says  (ISC)2’s  Murray,  supervisors  must  eval¬ 
uate  and  reward  those  who  report  to  them  based 
on  their  adherence  to  good  security  practices. 

And  there’s  no  room  for  breakdowns.  If  an 
employee  goes  to  a  manager  to  report  a  security 
lapse  and  is  brushed  off,  that  staffer  won’t  speak  up 
again.  Similarly,  if  management  preaches  the  impor¬ 
tance  of  passwords  but  then  casually  hands  out  the 
same  temporary  password  to  every  new  employ¬ 
ee,  “The  immediate  message  is  that  management 
doesn’t  take  this  very  seriously,”  Murray  says. 

“MAKING  CHANGES  IN  ANY 
ENVIRONMENT  NEEDS  TO  BE 
INCREMENTAL,  AND  IT  NEEDS 
TO  BE  DONE  CONTINUOUSLY. 
YOU  CANT  JUST  HAVE  A  SECURI¬ 
TY  AWARENESS  PROGRAM  THAT 
RUNS  FOR  TWO  MONTHS.” 

—  JOHN  COLLEY, VP/DIRECTOR  (ISC)2 

The  need  for  top-down  leadership  —  and  to 
ensure  security  spending  is  focused  on  the  most 
critical  risks  —  is  reflected  in  the  rise  of  chief  secu¬ 
rity  officers  (CSOs).  These  new  executives  boost 
efficiency  and  security  effectiveness  by  coordinat¬ 
ing  security  efforts  across  the  organization,  manag¬ 
ing  outsourcing  contracts  and  mapping  security 
measures  to  real  business  risks,  says  Steve  Hunt,  a 
Vice  President  at  Giga  Information  Group  in 
Chicago.  He  knows  of  about  80  CSOs  who  report 
to  the  CIO  level  or  higher  and  who  coordinate 
security  across  all  types  and  sizes  of  businesses. 
Hunt  expects  companies  to  increase  spending  on 
security  software  by  5  percent  this  year. “However, 
in  2002  proportionally  more  money  is  being  spent 
on  management  personnel  than  in  previous  years, 
as  part  of  an  effort  to  ensure  security  spending 
delivers  business  benefit.  The  move  to  CSOs  is 
part  of  this  trend,  and  is  working,”  Hunt  says. 


DOING  DUE  DILIGENCE 

BASIC  STEPS  TOWARD  CREATING  A  CULTURE  OF 

SECURITY  IN  YOUR  ORGANIZATION 

HI  Identify  who  is  responsible  for  designing  and  imple¬ 
menting  your  information  security  policy. 

■  Communicate  that  policy  with  on-going  awareness  and 
training  programs;  establish  clear  expectations  for  man¬ 
agers  and  employees. 

H  Create  and  test  a  business  continuity  program  to  ensure 
survival  of  critical  data,  equipment,  and  networks  and  to 
keep  valuable  employees. 

B  Identify  and  control  critical  systems  with  password 
management,  installation  of  security  patches  and  fixes  of 
common  vulnerabilities.  Links  to  external  networks  may 
require  encryption,  firewalls,  authentication  and/or  intru¬ 
sion  detection  systems. 

HI  Stay  vigilant  with  security  reviews,  audits,  and  vulnerabil¬ 
ity  assessments.  Monitor  vendors  and  the  Web  to  stay  cur¬ 
rent  on  latest  threats. 

B  Make  sure  the  board  of  directors  and  corporate  officers 
annually  review  the  status  and  outlook  of  your  information 
security  program. 

B  Provide  adequate  training  and  encourage  certification  of 
your  security  staff. 

Source:  (ISC)2 

\ 

REMINDERS  AND 
REINFORCEMENTS 
Micki  Krause,  Director  of  Information 
Security  at  a  healthcare  company  on  the 
West  Coast,  recently  saw  firsthand  how 
easily  security  breaches  can  occur.  She 
hired  outside  auditors  to  test  her  com¬ 
pany’s  security  awareness,  and  the  audi¬ 
tors  had  a  few  concerns.  In  one  case, 
auditors  found  staff  members  testing  a 
new  system  had  accidentally  exposed  the 
network  to  outside  hacks.  In  another, 
auditors  posing  as  support  staff  were 
able  to  get  1 6  of  22  employees  to  reveal 
their  user  IDs  and  passwords. 

Subsequently,  Krause  plugged  the  holes  in 
her  organization’s  security  procedures  — 
and  just  as  importantly,  she  also  rewarded 
the  six  employees  who  refused  to  disclose 
their  IDs  and  passwords  to  the  fake  “sup¬ 
port  staff.”  But  her  experience  illustrates 
that  even  with  top-down  awareness,  creat¬ 
ing  a  culture  change  doesn’t  happen 
overnight.  “Making  changes  in  any  environ¬ 
ment  needs  to  be  incremental,  and  it  needs 
to  be  done  continuously,”  says  John  Colley, 


a  London-based  Vice  President  and  mem¬ 
ber  of  the  board  of  directors  of  (ISC)2. 
“You  can’t  just  have  a  security  awareness 
program  that  runs  for  two  months.” 

Giga’s  Hunt  recommends  an  ongoing 
security-awareness  process  that  includes: 

■  Identifying  critical  information  assets 
and  risks 

■  Crafting  a  security  policy 
Implementing,  administering  and 
auditing  the  policy 

■  Continually  reassessing  risks. 

To  ensure  a  culture  of  security,  security 
proponents  and  managers  may  also  have 
to  change  some  of  their  own  behavior. 
Too  often  they  get  discouraged  after  a 
security  proposal  is  rejected  by  senior 
management  because  the  risk  may  not  be 
enough  to  justify  the  cost.  “You’ve  got  to 
understand  no’  is  a  perfectly  appropri¬ 
ate  answer,”  says  Murray,  especially  since 
budget  conditions,  or  management’s  per¬ 
ception  of  the  risk,  are  subject  to  change. 
Department  managers  who  have  a  budg¬ 
et  all  got  it  the  same  way  — “They  asked 
for  it  and  got  told  no’  a  lot,”  he  says.  As 
long  as  the  risk  and  cost  are  explained, 
it’s  up  to  the  business  managers  to 
decide  whether  the  cost  of  the  security 
plan  is  too  high.  But  Murray  feels  it  is  up 
to  him  to  keep  raising  security  concerns 
so  business  managers  can  decide  how 
much  to  spend  to  reduce  their  risks. 

Most  companies  aren't  doing  enough  to 
create  a  culture  of  security,  says  Bruce 
Murphy,  CISSP  and  CEO  ofVigilinx,  Inc., 
a  provider  of  managed  security  services, 
consulting  and  security  related  informa¬ 
tion  in  Parsippany,  N.j.  “They  don't 
understand  the  value,  since  it  is  hard  to 
quantify”  the  hard-dollar  return  on 
security  spending.  Many  companies  also 
underestimate  the  importance  of  people 
and  processes  in  creating  a  culture  of 
security,  he  says. 

Krause  concurs,  saying  creating  a  culture 
of  security  involves  communication, 
rewards  and  incentives.  “In  fact,  security 
is  not  just  technology,  it’s  really  people 
and  processes.”  ■ 


The  Big  Picture 

INFORMATION  SECURITY 
PROBLEMS  ARE  GLOBAL,  BUT 
SOME  REGIONAL  SOLUTIONS 
ARE  UNIQUE 

Among  the  greatest 
security  challenges  now 
facing  senior  executives 
worldwide  are: 

■  The  increasing  sophistication  of 
network  security  threats,  and  the 
speed  at  which  they  change. 

■  The  ongoing  need  to  educate  staff 
about  the  importance  of  informa¬ 
tion  security. 

And  although  some  nations  and  agen¬ 
cies  are  crafting  unique  local  solutions, 
studies  show  that  most  businesses  are 
not  doing  enough  to  overcome  these 
common  global  problems. 

Among  recent  research  findings: 

SB  Senior  Leaders  Recognize  the 
Threat.  In  a  fall  2001  survey  of 
459  CIOs  and  business  managers, 

Ernst  &  Young  found  that  70  per¬ 
cent  of  respondents  cited  ever- 
changing  and  increasingly  sophisti¬ 
cated  security  threats  as  their  top 
concern.  Employee  awareness  of 
security  threats  was  the  number 
two  challenge,  cited  by  66  percent 
of  the  respondents. 

Most  Companies  Aren’t  Doing 
Enough  to  Fight  Back.  In  a  sum- 

WHY  SPEND  ON  SECURIT3 

HOW  TO  JUSTIFY  COSTS  AND  SHOW  BEN! 
Potential  costs  of  lax  security: 

B  Lost  sales  due  to  system  downtime 
B  Loss  of  proprietary  customer  or  produc 
information 

B  Drop  in  stock  price  due  to  security  breach 
B  Shareholder  lawsuits  over  lax  security 
B  Customer  lawsuits  over  loss  of  privacy 
B  Regulatory  penalties 


S2 


mer  200 1  survey  conducted  by  CIO 
Magazine  and  Cambridge-Mass.-based 
digital  security  firm  @stake,  two- 
thirds  of  respondents  said  they  did  not 
have  a  well-defined  company-wide 
security  policy  or  plan. 

Faced  with  this  disconnect  between 
awareness  and  response  to  global  securi¬ 
ty  threats,  organizations  such  as  the 
International  Organization  for  Standard¬ 
ization  (ISO)  and  (ISC)2  are  working  to 
create  new  international  security  stan¬ 
dards.  The  European  Commission  has 
even  unveiled  a  plan  that  would  send 
hackers  and  writers  of  computer  viruses 
to  jail  for  years. 

But  just  as  vital  as  policy-making  is  edu¬ 
cation  —  making  global  business  leaders 
aware  of  the  risk  of  embarrassing  and 
costly  security  breaches,  as  well  as 
potential  shareholder  lawsuits  that  could 
hold  senior  management  personally 
responsible  for  such  breaches. 

SAFEGUARDING  PRIVATE  DATA 
Intrusions  and  viruses  aren’t  the  only 
issues  on  the  minds  of  global  business 
leaders.  Regional  privacy  laws  are  also  a 
concern  —  and  they  vary  by  nation.  In 
the  U.S.,  for  example,  the  Health 
Insurance  Portability  and  Accountability 
Act  (HIPAA)  prescribes  strict  standards 
for  how  healthcare  providers  must  pro¬ 
tect  patient  information.  But  other  priva¬ 
cy  standards  are  less  clearly  defined  in 
the  U.S.  and  elsewhere,  and  inconsistent¬ 
ly  enforced  from  country  to  country.The 
only  way  to  stay  on  top  of  and  within 
these  standards,  global  security  experts 
say,  is  for  companies  to  designate  staff  in 


Potential  benefits  of  strong  security: 

■  Increased  sales  and  productivity 

j  ■  Tighter  integration  with  customers,  suppliers 

■  Increased  customer  loyalty 

■  Competitive  advantage  over  less  secure  com¬ 
petitors 

■  Lower  premiums  on  “hacker”  insurance 

Source:  Strategic  Directions 


each  of  their  global  marketplaces  to 
understand  individual  countries’  rules 
and  ways  of  doing  business  so  processes 
can  be  adapted  to  meet  those  local 
requirements. 

Some  examples  of  regional  variances: 
some  European  countries  have  different 
definitions  for  what  constitutes  a  legally 
acceptable  digital  signature  for  an  online 
transaction.  And  while  the  European 
Union’s  Data  Privacy  Directive  prevents 
the  collection  of  most  personal  data 
unless  the  consumer  authorizes  it,  the 
laws  that  define  “informed  consent”  vary 
widely  from  country  to  country,  says 
John  Colley,  Vice  President  of  (ISC)2,  in 
London.  “What  may  be  perfectly  legal  in 
the  [United  Kingdom]  may  be  illegal  in 
Germany,  or  vice  versa,”  he  says. 

Enforcement  can  also  vary  across  global 
regions.  For  example,  while  Hong  Kong 
has  adopted  an  ordinance  similar  to  the 
EU’s  privacy  directive,  it  relies  on  com¬ 
panies  to  police  themselves  rather  than 
on  the  stricter  government  enforcement 
found  in  Europe. 

To  cope  with  the  differing  global  require¬ 
ments,  many  companies  that  do  business 
both  in  America  and  in  Europe  have 
established  “safe  harbors”  in  which  they 
promise  to  safeguard  private  data  about 
EU  consumers  under  the  laws  that  apply 
in  those  consumers’  countries.  But  rather 
than  using  technology  to  provide  special 
safeguards,  says  Colley,  the  safe  harbors 
are  usually  “legal  constructs  more  than 
anything  else,  based  on  trust  and  business 
expediency”  between  trading  partners. 

LEADING  THE  CHARGE 
Mindful  of  global  security  threats  —  and 
the  diversity  of  regional  solutions  being 
deployed  against  them  —  several  inter¬ 
national  agencies  are  at  work  on  various 
information  security  standards. 

The  International  Standards  Organ¬ 
ization  (ISO)  in  December  2000  released 
its  ISO  17799,  which  it  calls  “a  compre¬ 
hensive  set  of  controls  comprising  best 
practices  in  information  security." The  10 
CISSP  domains,  which  are  closely  related 


to  the  ISO  control  areas,  include: 

98  Access  Control  Systems  and 
Methodology 

■  Applications  and  Systems 
Development  Security 

M  Business  Continuity  Planning  (BCP)  & 
Disaster  Recovery  Planning  (DRP) 

H  Cryptography 

■  Law,  Investigations  &  Ethics 
U  Operations  Security 

■  Physical  Security 

fl  Security  Architecture  and  Models 
H  Security  Management  Practices 

■  Telecommunications  and  Network 
Security 

Clearly,  there  is  no  single  solution  to 
eliminate  the  global  security  threat,  but 
increased  awareness  and  action  will  min¬ 
imize  risk.  M 


ALIGNING  SECURITY 
AND  BUSINESS 

10  QUESTIONS  TO  ASK  YOURSELF  ABOUT  SECURITY: 


1  •  Does  your  board  of 

an  enabler?  (For  example,  by 

directors  recognize  that 

implementing  effective  secu¬ 

information  security  is  a 

rity,  could  you  enable  your 

board-level  issue  that  cannot 

organization  to  increase  busi¬ 

be  left  to  IT  alone? 

ness  over  the  Internet?) 

2.  Is  there  clear  accounta¬ 

7.  Has  your  business 

bility  for  information  securi¬ 

assessed  the  risk  of  getting  a 

ty  in  your  organization? 

reputation  for  slackness  in 

3*  Can  your  board  mem¬ 
bers  articulate  an  agreed  set 

security? 

8*  What  steps  have  you 

of  threats  and  critical  assets? 

taken  to  ensure  that  third 

How  often  do  you  review 

parties  will  not  compromise 

and  update  this? 

the  security  of  your  organi¬ 

Do  you  know  how  much 
is  spent  on  information 

zation? 

9 .  How  do  you  obtain  inde¬ 

security  and  what  it  is  being 

pendent  assurance  that 

spent  on? 

information  security  is  man¬ 

5.  What  would  be  the 

aged  effectively  in  your 
organization? 

impact  on  the  organization 
of  a  serious  security  inci¬ 

1  O.  How  do  you  measure 

dent? 

the  effectiveness  of  your 

6*  Does  your  organization 

information  security  activi¬ 
ties? 

see  information  security  as 

Source.  Ernst  &  Young 

The  ROI  of  Certification 


SECURITY  CERTIFICATION  ISN’T 
JUST  A  COST;  IT’S  AN  INVESTMENT 

An  hour  a  day,  seven  days  a 
week,  for  nine  months. 
That’s  the  time  commit¬ 
ment  made  by  Chuck 
Bianco,  a  17-year  security 
veteran,  in  preparation  for  his  Certified 
Information  Systems  Security 
Professional  (CISSP)  certification  in 
November  2001.  “I’m  as  proud  of  that 
certification  as  anything  else  I’ve  done 
in  business,”  says  Bianco,  Manager  of  IT 
Examinations  for  the  U.S.  Treasury 
Dept,  in  Dallas.  But  more  than  just  new 
credentials  and  personal  pride,  this  cer- 


and  systems.  And  although  certified 
security  personnel  do  cost  more  money, 
the  ROI  is  pretty  clear,  experts  say. 
“You’re  buying  protection  in  case  of  a 
shareholder  lawsuit  resulting  from  a 
security  problem,"  says  David  Foote, 
President  and  Chief  Research  Officer  at 
research  and  consulting  firm  Foote 
Partners  in  New  Canaan,  Conn.”  Boards 
of  directors  are  getting  involved,  and 
they  realize  a  high-profile  Web  breach, 
or  a  privacy  breach,  could  harm  the  rep¬ 
utation  of  a  company  and  impact  rev¬ 
enues,”  Foote  says.  “By  saying  you  have 
the  CISSP  on  staff,  you  can  show  you 
took  prudent  and  reasonable  precau¬ 
tions  —  you  did  the  best  you  could,” 
Foote  says. 


line  study  guides  for  its  certificatio 
exams. 

More  than  showing  off  the  proper  skill 
security  certification  tells  an  employer 
security  professional  is  truly  knowledge 
able  and  experienced  in  the  field,  rathe 
than  someone  who  has  just  read  som 
books  and  can  use  the  proper  buz; 
words,  says  Tipton,  who  is  now  a  Securit 
Instructor  and  Administrator  of  securit 
training  programs. 

Employing  certified  security  professior 
als  also  helps  protect  senior  manage 
ment,  which  can  be  held  personally  liabl 
if  they  fail  to  take  proper  security  pre 
cautions  required  by  law,  he  says. 


WORLDWIDE  SECURITY  SPENDING 
ON  THE  RISE 


...And  For 
Managed 
Security  Services 

$2.2  billion 
(estimated) 

$720 

million 


2000  2005 

Source:  international  Data  Corp. 


tification  has  given  Bianco  a  strategic 
new  position  at  a  key  time  in  his  enter¬ 
prise’s  battle  against  information  securi¬ 
ty  threats. 

People  such  as  Bianco  are  a  hot  com¬ 
modity  these  days.  In  an  increasingly 
security-conscious  world,  CIOs  need 
professionals  like  Bianco  who  have  the 
certified  skills  to  secure  corporate  data 


The  CISSP  certification  is  granted  by  the 
International  Information  Systems 
Security  Certification  Consortium 
(ISC)2,  a  non-profit  security  association 
in  Framingham,  Mass. The  certification  is 
“like  a  badge  of  honor”  that  promises  its 
holder  can  be  trusted,  says  Victor  Keong, 
a  partner  in  the  Security  Services 
Practice  of  Deloitte  &  Touche  in 
Ontario,  Canada.  “When  we  do  security 
consulting,  the  customer’s  prime  con¬ 
cern  is  'are  my  secrets  safe?”’ 
Certification  can  help  assure  them  the 
security  professional  they  hire  is  not 
himself  a  hacker,  he  says. 

Along  with  three  years  of  practical 
experience,  CISSP  exam  applicants  need 
in-depth  knowledge  of  the  10  domains 
within  (ISC)2’s  Common  Body  of 
Knowledge  (CBK).The  CBK  is  a  central, 
standard  list  of  key  security  knowledge. 
Domains  within  the  Common  Body  of 
Knowledge  include  security  architec¬ 
ture  and  models,  cryptography,  opera¬ 
tions  security,  access  control  systems, 
and  law  and  ethics.  Hal  Tipton,  a  former 
(ISC)2  president,  describes  the  CBK  as 
the  topics  a  security  professional  “needs 
to  know  enough  about  so  they  can 
carry  on  an  intelligent  conversation 
with  their  peers.” 

(ISC)2  also  offers  review  courses  and  on¬ 


“Top  management  doesn’t  have  the  tim 
to  really  study  all  these  things  and  under 
stand  what  the  requirements  are,”Tipto 
says.  “That  should  be  up  to  the  qualifie 
security  people  on  their  staff,  and  certif 
cation  is  a  way  of  being  assured  they  ar 
properly  qualified.”  ■ 

YOUR  RESOURCE  FOF 
MORE  CISSP 
INFORMATION 

Contact  us  at: 

(ISC)2  Inc. 

(888)  333-4458  (North  America 
(727)  738-8657  (North  America 

fg| - i  (727)  738-8522  (North  America 

HQ — I  info@isc2.org 

jjjj| — I  www.isc2.org 

When  contacting  (ISC)2,  please  provid 
your  name,  full  mailing  address,  tele 
phone  and  fax  numbers,  and  your  e-ma 
address. 

(ISC)2  is  a  trademark  and  the  CISSP  cer 
tification  is  a  registered  trademark  c 
the  International  Information  System 
Security  Certification  Consortium,  Inc. 


S4 


October  6  -  8,  2002 
Loews  Coronado  Bay  Resort 
Coronado,  California 


DIFFERENT 


BUILDING  STRATEGIC  PARTNERSHIPS  TO  TRANSFORM  THE  BUSINESS 


SHARED 


THE  SUCCESS  OF  ANY  I.T.  OR  BUSINESS  INITIATIVE 
relies  on  our  ability  to  build  strategic  partnerships  with 
corporate  and  business  unit  management,  key  suppliers, 
vendors  and  customers.  That  success  will  only  come 
when  many  different  voices  embrace  shared  visions. 

To  get  there,  we  need  solid  strategies,  clear  prioritiza¬ 
tion,  understanding  and  buy-in— along  with  the  right 
infrastructure  and  resources  in  place.  Join  us  as  your 
CIO  peers  share  visions  on  ways  to  create  new  business 
value,  a  higher  ROI  and  more  strategic  deployment  of 
technology. 

□  rn\ 


Corporate  Hosts 


□ 


As  CIO  of  Humana,  Bruce  Goodman  has 

played  a  central  role  in  creating  customized  health 

care  for  his  company’s  6.4  million  members. 


For  good  or  ill,  CIOs  are  reshaping  the 
way  health  care  is  delivered  in  America 


Reader  ROI 

Learn  why  CIOs  are  involved 
in  fixing  health  care 

Find  out  how  technology  is 
helping  to  replace  managed 
care  with  new  kinds  of 
insurance 

Understand  the  ethical 
dilemmas  these  CIOs  must 
deal  with 


PHOTO  BY  JOE  HARRISON 


CRM 


BY  SCOTT  BERINATO 


ealth-Care  Change 


ix  months  into 

his  job  ab\CIO  at  Humana,  oiWof  the  nation/s  largest  health 
insurers,  Bruce  Goodman  was  called  into  a7 meeting  with  the 


pany’s  top  executives.  It  was  at  this  Yheeting  that  Goodman 


realized 


insures  about  6.4  million  people  in  18  states, 
was  forming  a  committee  to  “envision  a  new 
business  model”  for  health  care.  Managed 
care  had  failed,  and  it  was  time  to  replace  it. 

In  Hollywood,  such  an  overhaul  requires 
Denzel  Washington  to  hold  a  hospital 
hostage.  In  real  life,  fixing  health  care 
requires  something  else  entirely — the  CIO. 
Goodman  had  not  been  invited  to  the  meet¬ 
ing  to  play  a  supporting  role.  And  neither 
had  IT.  In  the  bid  to  cure  health  care’s  woes, 
IT  is  the  new  business  model. 


his  new  job.  Humana,  which 


At  its  heart,  the  new  approach  relies  on 
CRM  technology  to  customize  health  plans 
for  consumers.  Insurers  use  Web-enabled 
software  to  profile  individuals’  medical 
spending  needs  and  then  put  them  into  dif¬ 
ferent  plans.  Under  the  new  plans,  instead 
of  having  money  taken  out  of  their  pay- 
checks,  employees  accept  a  high  deductible 
or  allowance,  say,  $2,000  or  $3,000  per 
year,  out  of  which  they  pay  for  their  own 
health  care.  If  expenses  are  incurred  after 
the  allowance  is  burned,  the  insured  will 


have  to  pay  for  the  additional  care  but  only 
up  to  a  certain  cap,  say  $5,000.  After  that 
point,  health  care  is  covered  under  the  old 
managed  care  model. 

Consumers  can  choose  what  kind  of  plan 
they  want  and  how  much  they  intend  to 
spend  for  it.  For  instance,  someone  who  is 
healthy  and  doesn’t  need  expensive  medica¬ 
tions  would  be  steered  to  a  less  expensive 
plan  with  a  lower  allowance,  while  an  indi¬ 
vidual  with  a  chronic  condition  who 
requires  specialized  care  and  medicine 
would  need  a  more  expensive  plan. 

Theoretically,  this  health-care  model  will 
make  employees  better  consumers.  They’ll 
try  to  get  the  best  care  for  their  dollar.  At 
the  same  time  it  will  reduce  cost  for  the 
employers  and  insurers,  as  many  healthy 
people  are  overinsured.  Because  of  the 
potential  to  contain  cost,  most  of  the 
nation’s  largest  health  insurers,  including 
Aetna,  Cigna,  Humana  and  the  United- 


www.cio.com  •  JUNE  15,  2002  CIO  89 


CRM 


Health  Group  have  either  rolled  out  a  ver¬ 
sion  of  this  new  model  or  expect  to  do  so 
this  year.  A  number  of  startup  companies  are 
also  competing  in  this  space. 

“We’re  changing,  revolutionizing  health 
care,  and  technology  will  get  us  there,”  says 
Goodman,  who  came  to  the  Louisville,  Ky.- 
based  insurer  in  June  1999.  “Managed  care  is 
not  doing  what  it  needs  to.  These  [new  types 
of  health  insurance]  will  make  it  go  away.” 

But  while  the  IT-driven  model  does  offer  a 
way  out  of  the  health-care  swamp,  it  also 
introduces  profound  ethical  issues.  Critics 
of  the  new  approach  raise  the  specter  of 
rationing,  saying  it  will  shift  the  high  cost 
of  medical  care  to  the  sick  and  the  poor. 

“Whenever  you  substitute  savings  for 
insurance,  a  question  of  rationing  comes 
up,”  says  Deborah  Chollet,  a  health-care 
policy  expert  at  think  tank  Mathematica 
Policy  Research  in  Washington,  D.C.  “We’re 
going  toward  a  system  where  the  wealthy 
and  healthy  can  opt  out  of  the  problems.” 

If  CIOs  such  as  Goodman  are  using  CRM 
to  empower  this  revolution,  as  they  will  tell 
you  they  are,  then  they  had  better  be  prepared 


Under  Goodman’s  direction,  Humana  has  built  an 
online  tool  that  creates  health  plans  tailored  to 
its  members’  individual  medical  needs. 


to  understand  and  respond  to  its  social  impli¬ 
cations.  And  what  they  learn  in  the  process — 
about  implementing  the  technology  and  man¬ 
aging  its  use — goes  well  beyond  health  care. 
Other  industries,  from  financial  services  to 
retail,  are  also  exploiting  CRM  to  profile  cus¬ 
tomers  and  develop  customized  products.  The 
best  practices  developed  in  health  care  will  be 
of  value  to  CIOs  in  those  sectors  as  well. 

“The  role  of  the  CIO  is  much  more  criti¬ 
cal  now,”  says  Ken  Linde,  the  CEO  of 
Destiny  Health  in  Bethesda,  Md.,  a  sub¬ 
sidiary  of  South  Africa’s  Discovery  Health 
company  that  offers  health  insurance  under 
the  new  model.  “This  consumer-driven  area 
relies  so  heavily  on  information  that  the  CIO 
becomes  one  of  the  most  critical  positions 
in  the  company.” 

90  CIO  JUNE  15,  2002  •  www.cio.com 


deciding  how  much  to  reimburse  doctors 
and  hospitals  for  procedures.  If  the  provider 
didn’t  agree  to  the  new  rates,  the  insurer 
denied  access  to  its  insurance  network  and 
the  patients  who  used  that  network.  In  a  rea¬ 
sonably  short  time,  the  health  maintenance 
organization  was  king. 

But  not  for  long.  Patients  rebelled  against 
being  limited  in  their  choice  of  physicians  and 
hospitals.  And  doctors  and  hospitals  banded 
together  to  demand  better  reimbursement  rates. 
The  HMOs  had  to  listen  because  their  patient 
population  insisted  on  having  those  doctors  in 
their  network.  Patients  also  insisted  on  access  to 
expensive  new  drugs  and  treatments. 

By  2000,  health-care  costs  had  exploded 
again.  Trying  to  control  cost  seemed  like 
pressing  on  a  balloon.  Push  down  in  one 
spot  and  cost  bulged  out  in  another.  To  sta¬ 
bilize  cost,  health  insurers  have  now  latched 


HMORIP 

Health  insurance  started  in  the  United  States  as 
a  simple  fee-for-service  business.  You  received 
care  and  the  doctor  charged  a  fee  that  the 
insurance  company  paid.  By  the  mid-1980s, 
that  approach  was  generating  annual  double¬ 
digit  cost  increases.  Managed  care  was  meant 
to  straighten  out  the  mess.  Insurers  kept  cost 
down  by  organizing  exclusive  networks  and 

“Managed  care 
is  not  doing  what 
it  needs  to. 

These  new  plans  will 
make  it  go  away.” 

-BRUCE  GOODMAN,  CIO  OF  HUMANA 


PHOTO  BY  JOE  HARRISON 


PHOTO  BY  JEFF  SCIORTINO 


on  to  the  customized  health  plan  approach 
with  CRM  technology  as  its  linchpin. 

Though  each  insurance  company  has  its 
own  way  of  architecting  the  system,  all  of  them 
follow  a  similar  pattern.  There  are  four  basic 
pieces  of  CRM  that  CIOs  are  using  as  a  frame¬ 
work  for  building  the  new  insurance  plans. 
CUSTOMIZATION 

Medical  allowance  plans  will  fail  if  health 
insurers  don’t  help  consumers  understand 
how  big  their  allowance — which  is  usually 
stored  in  an  interest-bearing  savings 
account — should  be.  If  the  allowances  are 
too  high,  consumers  will  set  aside  more 
money  than  they  need  to.  Since  the  money 
can’t  be  used  for  anything  but  health  care, 
that’s  wasted  money.  If  the  account’s  too 
small,  consumers  will  have  to  pay  addi¬ 
tional  cost  out  of  pocket,  and  insurers  will 
end  up  managing  the  care  as  they  do  now. 


“We’re  looking  at 
the  radical 
free  marketization  of 
health  insurance.’’ 

-DAVID  GOLTZ,  CFO  AND 
INTERIM  CIO,  DESTINY  HEALTH 

Under  Goodman’s  direction,  Humana 
launched  a  limited  digital  health  plan  called 
Emphesys  last  October.  Just  last  month,  the 
company  rolled  out  SmartSelect,  a  more 
advanced  customized  health  plan  for  its 
more  than  14,000  employees.  That  prod¬ 
uct  will  be  sold  to  other  employers  this  year. 

With  SmartSelect,  employees  go  to  a 
website  and  are  asked  a  series  of  questions: 


How  often  do  you  use  prescription  drugs? 
How  often  do  you  visit  a  physician?  Would 
you  be  willing  to  use  generic  drugs?  Would 
you  want  to  see  a  doctor  at  a  teaching  hos¬ 
pital?  Do  you  have  any  chronic  conditions? 
After  answering  dozens  of  questions, 
SmartSelect’s  software  builds  several  health 
plans  with  42  possible  combinations,  each 


David  Goltz,  CFO  and  interim  CIO  of  Destiny  Health,  has 
built  an  online  calculator  that  helps  people  estimate  how 
much  they  will  need  in  their  health  plan  account. 


offering  differing  levels  and  areas  of  cover¬ 
age.  The  program  tells  users  what  their 
yearly  allowance  should  be  so  that  they 
won’t  put  too  much  or  too  little  aside.  The 
CRM  engine  presents  the  employees  with 
several  options:  They  can  choose  any  plan, 
but  the  tool  is  meant  to  help  them  under¬ 
stand  which  is  the  best  fit  based  on  their 
health-care  needs. 

INTERACTIVE  CONSUMER  TOOLS 

Until  now,  consumers  largely  have  been  kept 
in  the  dark  about  health-care  cost.  These  new 
plans  bring  them  into  the  loop.  “Ask  any¬ 
one  how  much  their  prescriptions  cost,  and 
they’ll  tell  you  $10,”  says  Deborah  Casurella, 
CIO  of  Definity  Health,  a  St.  Louis  Park, 
Minn. -based  startup  that  offers  customiza¬ 
tion  tools.  “They  have  no  idea  the  drugs  cost 
hundreds  of  dollars  or  that  a  physical  is 
$350.” 

To  inform  consumers,  the  CIOs  have  cre¬ 
ated  interactive  tools.  In  Casurella’s  case, 
one  of  the  most  effective  has  been  a  pre¬ 
scription  management  tool  that  went  live 
in  January.  In  addition  to  letting  consumers 
track  their  prescriptions  on  a  calendar  (how 
many  drugs  they’re  using,  when  they  fill 
them  and  so  forth),  the  tool  also  helps  them 
compare  generics  with  brand-name  drugs. 
“They  can  slice  the  data  many  ways.  We’ve 
found  it’s  a  very  quick  learning  curve,” 
Casurella  explains.  Goodman  created  a  sim¬ 
ilar  prescription  tool  now  available  to  all 
of  Humana’s  members. 

At  Destiny  Health,  which  offers  a 
savings-account-like  plan  to  almost  300 


I; 


www.cio.com  •  JUNE  15.  2002  CIO  91 


CRM 


Illinois-based  employers,  CFO  and  Interim 
CIO  David  W.  Goltz  has  built  a  cost  cal¬ 
culator  to  help  employees  estimate  how 
much  to  put  in  their  Personal  Medical 
Fund,  or  PMF.  Consumers  estimate  the 
number  of  doctor  visits,  medical  proce¬ 
dures  and  drug  purchases  they  anticipate 
in  the  coming  year,  and  the  calculator  cal¬ 
culates  their  expected  expenses.  It  also  spits 
out  how  much  consumers  should  put  in 
their  savings  account.  Much  like  financial 
investors,  health-care  consumers  will  be 
able  to  manage  their  entire  portfolio  online, 
doing  such  tasks  as  checking  prescriptions, 
requesting  and  receiving  reimbursements 
electronically,  changing  addresses  or  adding 
dependents. 

WEB  CONTENT 

Web  content  is  a  prerequisite  for  all  these 
new  CRM-based  plans.  Consumers  like 
accessing  health  information  online.  In  fact, 
more  Americans  go  online  to  do  health 
research  than  to  hunt  for  stock  quotes, 
check  sports  news  or  shop,  according  to  a 
recent  survey  from  the  Pew  Internet  & 


American  Life  Project. 

Casurella  works  hard  at  creating  a  con¬ 
sistent  look  and  feel  to  her  site’s  content, 
which  comes  from  all  over  the  Web.  Goltz 
says  he  puts  time  into  translating  content 
from  the  jargony  insurance  industry  into 
terms  consumers  understand.  Goodman’s 
vision  for  Web  content  is  for  customers  to 
be  able  to  access  patient  reviews  of  doctors, 
a  concept  not  that  different  from  what’s 
done  with  books  on  Amazon.com. 

All  of  this  is  secondary  in  importance  to 
the  credibility  of  content.  Many  consumer 
sites  fill  their  pages  with  content  written  in 
marketese  by  the  company  itself.  In  health 
care,  that  won’t  fly.  So  the  CIOs  cull  content 
from  sources  that  consumers  already  trust, 
sources  such  as  the  American  Medical 
Association  and  Johns  Hopkins  University. 

Aetna  Senior  Vice  President  and  CIO 
Wei-Tih  Cheng  has  gone  one  step  further. 
Staff  physicians  from  Harvard  Medical 
School  review  all  of  Aetna’s  Web  content, 
which  is  gathered  under  the  brand 
InteliHealth,  a  subsidiary. 


CORE  TECHNOLOGY 

CIOs  can  be  as  innovative  as  they  please  on 
the  consumer-facing  side  of  their  new  insur¬ 
ance  plans.  But  claims  still  have  to  get 
processed.  If  they  don’t,  the  new  model  will 
fail.  And  if  the  claims  systems,  or  prescrip¬ 
tion  databases,  can’t  send  their  data  to  the 
new  websites  as  soon  as  the  data  is  entered, 
then  the  personalized  websites  for  the 
insured  will  contain  erroneous  information. 

As  always,  integration  is  key.  When  you 
build  new  systems,  you  have  to  make  them 
serve  the  legacy  systems,  not  the  other  way 
around.  Meshing  the  new  with  the  old  is 
done  by  using  brand-name  players, 
Casurella  explains.  “We  develop  based  on 
Java.  We  make  sure  it  will  scale.”  She  says 
proprietary  is  the  enemy  here. 

Health  Care  as  a  Commodity 

The  benefits  of  the  new  approach  are  signif¬ 
icant.  The  insurance  companies  can  butt  out 
of  the  doctor-patient  relationship  until  the 
allowance  runs  out — which,  if  the  technol¬ 
ogy  is  tuned  correctly,  shouldn’t  happen. 


X 


How  to  Build  CRM  from  the  Ground  Up 


HUMANA  AND  AETNA  are  deep-pocketed  insurers. 

Destiny  Health  is  funded  by  a  deep-pocketed  insurer,  and 
Definity  Health  is  a  4-year-old  startup  that  relies  solely 
on  venture  capital.  Despite  these  radically  different  starting 
points,  the  CIOs  of  all  these  companies  have  built  the  technology 
that  drives  their  new  health-care  plans  in  remarkably  similar 
ways.  The  lessons  here  are  universally  applicable  to  any  industry 
where  CRM  and  customization  will  play  a  role.  They  are: 

Start  simple  so  that  you  can  move  quickly.  “We  focused  on 
getting  the  bare  minimum  working,”  says  Deborah  Casurella,  CIO 
of  Definity  Health  in  St.  Louis  Park,  Minn.  “The  interface  was 
basic.  Everything  was  basic.  I  told  the  company  we’ll  pretty  it  up 
later.  The  first  order  of  business  was  making  sure  we  could 
process  claims  accurately.” 

That  doesn’t  mean  don’t  have  a  plan.  Even  as  Casurella  threw 
her  plan  together,  she  knew  she  would  have  to  rearchitect  her 
data  model  to  prepare  the  system  for  scaling  to  thousands  of 
customers.  CIOs  must  also  plan  policies  for  protecting  confiden¬ 
tial  data,  such  as  prescriptions,  online.  Then  there’s  long-term 


planning:  “I’m  planning  infrastructure  so  that  sometime  down  the 
road  when  you  need  a  physical  you’ll  be  able  find  out  what  you’ll 
pay  at  five  different  local  providers,"  says  David  W.  Goltz,  CFO 
and  interim  CIO  of  Destiny  Health  in  Bethesda,  Md. 

“Partner  before  you  buy.  Buy  before  you  build.”  So  says  Bruce 
Goodman,  CIO  at  Louisville,  Ky.-based  Humana,  who  relies  on  no 
fewer  than  eight  partnerships,  chiefly  one  with  EDS  for  core 
systems.  Whatever  building  he  did  came  in  the  Web  design  arena. 

Build  to  scale.  It’s  no  use  moving  fast  if  you’re  building  to 
support  a  limited  number  of  users  for  a  pilot  and,  once  success¬ 
ful,  realize  the  system  won’t  scale.  Goodman  has  already  rolled 
out  his  system  to  14,000  employees  and  hopes  it  will  eventually 
be  used  by  millions.  Goltz  relies  on  an  Oracle-Sun  Microsystems 
combination  he  keeps  flexible.  “We  can  scale  it  quickly;  we  can 
change  it  quickly,”  he  says. 

“Don’t  box  me  in.”  Says  Casurella:  “We’ve  changed  and 
evolved  in  18  months  more  than  even  I  imagined.  I  won’t  box 
myself  into  a  technological  corner.  I  have  to  think  about  where  IT 
will  be  in  three  months."  -S.B. 


92  CIO  JUNE  15,  2002  •  www.cio.com 


Workforce  Productivity 


Before 


Web-based  labor  management  solutions  for  the  entire  workforce  —  configurable,  scalable,  real-time. 
Discover  how  you  can  improve  your  productivity  at  www.kronos.com/offer/solutions,  or  call  1  -800-225-1561 ,  ext.  8103 

i|  KRONOS 

Improving  the 
Performance  of 
People  and  Business'” 


©2001.  Kronos  Incorporated,  Kronos  and  the  Kronos  logo  ore  registered  trademarks  and  'Improving  the  Performance  of  People  and  Business'  is  a  trademark  of  Kronos  Incorporated  All  rights  reserved  Printed  in  the  U  S  A 


CRM 


That  should  cut  into  the  massive  bureau¬ 
cracy  of  reimbursement,  copays  and  network 
referrals.  Employers  can  offer  their  workers 
broader  coverage  since  their  employees  can 
apply  the  medical  allowance  to  whatever 
care  they  choose.  And  the  employees  can 
choose  what  drugs  to  use  and  what  doctor  to 
go  to  based  on  cost  and  need. 

“It’s  the  radical  free  marketization  of 
health  insurance,”  says  Goltz  of  Destiny 
Health. 

But  that  free  market  aspect  of  the  plan 
worries  many  health-care  experts. 

Even  the  man  credited  with  conjuring  up 
managed  care,  Uwe  Reinhardt,  an  econo¬ 
mist  at  Princeton  University,  is  concerned. 
Reinhardt,  along  with  others  like  Math- 
ematica’s  Chollet,  say  the  new  model  could 
end  up  shifting  cost  to  the  sick  and  the  poor 
by  making  them  pay  more  for  their  care.  In 
the  United  States,  about  80  percent  of 
health-care  expense  is  incurred  by  15  per¬ 
cent  of  the  population,  according  to 
Reinhardt.  But  that’s  not  how  the  cost  is  cur¬ 
rently  distributed.  There’s  always  been  a 
cross-subsidy  whereby  the  healthy  pay  more 
into  a  pool  of  risk  to  help  cover  those  with 
more  health-care  needs. 

“Normally  we  think  this  is  fair.  Something 
that,  as  a  society,  we  should  do,”  says  Dr. 
Stephanie  Woolhandler,  a  practicing  physi¬ 
cian  who  also  teaches  at  Harvard  Medical 
School.  “These  plans  eliminate  that.” 

With  the  new  plans,  for  instance,  healthy 
people  can  choose  less  expensive  generic 
drugs.  They  can  choose  to  go  to  commu¬ 
nity  hospitals,  rather  than  the  more  costly 
teaching  hospitals.  The  CRM  systems  will 
automatically  generate  a  plan  with  lower 
cost  for  someone  who  is  healthy.  A  chroni¬ 
cally  ill  patient  who  needs  brand-name 
drugs  and  requires  specialists  simply  won’t 
be  offered  the  choice  of  the  less  expensive 
plan.  And  since  research  shows  that  the 
poor  are  more  likely  to  be  chronically  ill,  the 
most  expensive  customized  plans  may  be 
offered  to  those  who  can  least  afford  them. 

The  new  plans  create  a  two-tiered  system 
in  more  ways  than  one.  The  technologically 
literate  who  have  access  to  the  Web  are 

94  CIO  JUNE  15,  2002  •  w ww.cio.com 


cio.com _ 

Will  CRM-generated  health  plans  lead  to 
rationing?  Go  to  www.cio.com  to  WEIGH 
IN  with  your  answer  in  this  forum. 


more  likely  to  benefit  from  the  CRM  offer¬ 
ings  than  those  not  so  connected. 

Already,  some  doctors  have  started  offer¬ 
ing  24-hour  “concierge”  service  whereby  a 
patient  can  pay  for  the  doctor’s  24-hour 
availability  and  other  deluxe  services.  It’s 
not  a  stretch  to  envision  IT  allowing  insur¬ 
ance  companies  or  providers  to  create  Web 
content  for  the  premium-paying  customers 
only,  or  set  up  special  e-mail  addresses  to 
which  a  doctor  gives  priority. 

“Health  care 
is  not  like  buying  a  car. 

If  you’re  sick  and 
you  have  to  take  the 
cut-rate  model,  that  could 
be  a  wrenching  piece 
of  news.” 

-DEBORAH  CHOLLET, 
HEALTH-CARE  EXPERT  AT  MATHEMATICA 
POLICY  RESEARCH 

After  all,  if  health  care  is  commodified, 
the  more  you  pay,  the  more  you  will  get. 
And  vice  versa. 

Chollet  believes  this  is  a  dangerous, 
undemocratic  trend.  “We  need  to  think 
about  health  care  differently,”  she  says. 
“It’s  not  a  car,  where  if  you  can’t  afford  the 
luxury  model,  you  settle  for  something  less. 
In  health  care,  if  you’re  sick  and  you  have 
to  take  the  cut-rate  model,  that  could  be  a 
wrenching  piece  of  news.” 

By  putting  the  money  in  the  consumers’ 
hands,  they  also  might  be  less  inclined  to 
spend  it  on  necessary  care.  “You’ll  have 
fewer  people  going  to  the  emergency  room 
for  a  cold  because  it  will  cost  them  $100. 
That’s  good,”  Reinhardt  says.  “But  you’ll 


also  have  fewer  people  getting  a  routine 
colonoscopy,  because  it  costs  $1,000  out  of 
pocket.  That’s  bad.” 

The  worst  part  of  this  for  Reinhardt  and 
others  is  the  role  technology  is  playing.  “IT 
is  making  the  capacity  to  discriminate 
worse,”  says  Chollet.  “It’s  frustrating.” 

Health-care  CIOs  are  cognizant  of  these 
ethical  issues.  And  they  say  they  are  trying  to 
address  them.  Most  of  the  new  plans  now  try 
to  separate  “cross”  services  (hospital  visits  and 
emergency  care)  from  “shield”  services  (doc¬ 
tor’s  visits  and  preventative  care).  At  Destiny, 
for  instance,  Goltz’s  plan  removes  necessary 
outpatient  procedures,  hospital  admissions 
and  medications  required  for  chronic  illness 
from  the  savings  account  allowance.  “Look,” 
Goltz  says,  “you  break  your  arm  and  need 
surgery,  you’re  not  going  to  want  to  negoti¬ 
ate  the  best  price  with  an  anesthesiologist. 
There’s  a  certain  point  where  health  care 
shouldn’t  be  negotiated.  But  there  are  plenty 
of  services  where  it  must  be.” 

What’s  certain  is  that  CIOs  will  continue 
to  be  part  of  the  mix  when  it  comes  to  health 
policy.  “IT  has  been  and  will  continue  to  be 
the  largest  part  of  our  organization,”  says 
Anthony  Miller,  CEO  of  Definity,  to  whom 
Casurella  reports.  One  of  Definity’s  cus¬ 
tomers  is  Textron,  the  parent  company  of 
Cessna  Aircraft  and  Bell  Helicopter. 

Miller  says  the  central  role  IT  plays  in  his 
company’s  product  has  had  an  unintended 
benefit:  staff  retention.  When  IT  workers  feel 
crucial,  they  tend  to  stick  around.  Definity 
has  lost  only  two  IT  staffers  in  two  years. 
“Having  [Casurella]  at  the  table  is  not  a  ques¬ 
tion  for  us,”  Miller  adds.  “It’s  a  necessity.” 

“Traditionally,  the  CIO’s  role  in  health 
care  was  supportive,  reactive,”  Goodman 
says.  “This  is  the  most  exciting  opportunity 
for  CIOs  I’ve  ever  seen.  We’ve  slowly  moved 
out,  reaching  further  and  further  into  the 
organization.  Now,  here  I  am  shaping 
health-care  policy.  This  has  to  be  the  culmi¬ 
nation  for  our  field.”  EH 


What  do  you  think  of  customized  health  care? 
Let  Senior  Writer  Scott  Berinato  know  via  e-mail 
at  sberinato@cio.com. 


FREE  APC  Multiple  Outlet 
Rack-mountable  Strip 

to  the  first  100  entrants. 

All  entrants  will  reci 
APCs  "Solutions  for 
Business  Networks" 


Be  one  of  the  first  100  to  mail  or  fax  this 
completed  coupon  or  contact  APC  and  you 
will  receive  a  FREE  APC  Multiple  Outlet  Rack- 
mountable  Strip!  All  entrants  will  receive  APC’s 
"Solutions  for  Business  Networks".  Better  yet, 
enter  today  at  the  APC  Web  site! 


Key  Code 

http://promo.apc.com  f 306y 

(888)  289-APCC  x6419  •  FAX;  (401 )  788-2797 


FREE  APC  Multiple  Outlet  Rack-mountable  Strip  for  the  first  100  entrants. 

All  entrants  will  receive  APC's  “Solutions  for  Business  Networks." 

□  YES!  Enter  me  to  win  1  of  100  FREE  APC  Multiple  Outlet  Rack-Mountable 

Strips  and  send  me  APC's  "Solutions  for  Business  Networks."  (See  APC  Web  site  for  complete  promotion  details}. 

□  NO,  I'm  not  interested  at  this  time,  but  please  add  me  to  your  mailing  list. 

Name: Title; 

Company: 

Address:  Address  2: 


City/Town: 


State: 


Zip: Country: 


Phone: 


Fax: 


E-mail: 


I  I  Ygs!  Send  me  more  information  via  e-mail  and  sign  me  up  for  APC  PowerNews  e-mail  newsletter.  \  Key  Code  f306y 


What  type  of  availability  solution  do  you  need? 

□  UPS:  0-1 6kVA  (Single-phase)  □  UPS:  10-80kVA  (3-phase  AC)  □  UPS:  80+ kVA  (3-phase  AC)  □  DC  Power 

□  Network  Enclosures  and  Racks  □  Precision  Air  Conditioning  □  Monitoring  and  Management  □  Cables/Wires 

□  Mobile  Protection  □  Surge  Protection  □  UPS  Upgrade  □  Don't  know 

Purchase  timeframe?  □  <  1  Month  □  1-3  Months  □  3-12  Months  □  1  Yr.  Plus  □  Don't  know 
You  are  (check  1):  □  Flome/Flome  Office  □  Business  (<1000  employees)  □  Large  Corp.  (>1000  employees) 

□  Gov't.,  Education,  Public  Org.  □  APC  Sellers  &  Partners 


Legendary  Reliability™ 


©2002  APC.  All  trademarks  are  the  property  of  their  owners.  APC4A1  EB-US_2C 


E-mail:  esupport@apcc.com 


132  Fairgrounds  Road,  West  Kingston,  Rl  02892  USA 


BUSINESS  REPLY  MAIL 

FIRST-CLASS  MAIL  PERMIT  NO.  36  WEST  KINGSTON,  Rl 
POSTAGE  WILL  BE  PAID  BY  ADDRESSEE 


AMERICAN  POWER  CONVERSION 


KEY  CODE:  f306y 
DEPARTMENT:  B 
132  FAIRGROUNDS  ROAD 
PO  BOX  278 

WEST  KINGSTON  Rl  02892-9920 


III . 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 II 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 


NO  POSTAGE 
NECESSARY 
IF  MAILED 
IN  THE 

UNITED  STATES 


How  to 
Contact  APC 

Call:  (888)  289-APCC 

use  the  extension  on  the  reverse 
side 

Fax:(401)  788-2797 

Visit:  http://promo.apc.com 

use  the  key  code  on  the  reverse 
side 


Legendary  Reliability' 


APC,  the  name  you  trust  for  power  protection,  also 
offers  a  comprehensive  line  of  non-proprietary  racks, 
rack  accessories  and  management  tools  that  provide 
you  with  the  flexibility  to  implement  a  highly  available, 
multi-vendor  environment.  APC  allows  you  to  create 
a  rack  environment  with  the  level  of  availability  you 


Look  for  these  other  great 
rack  accessories  from  APC 


Fixed  and  Sliding  Shelves 
Cable  Management  Shelves 
Fans 

Keyboards/Keyboard  Drawers 
Stabilization  Kits 
Power  Distribution  Units 


Visit  www.apc.com 
for  more  information! 


^  Visit  APC  at  . 


APC:  UPSs  and  So  Much  More 


require,  and  provides  you  with  the  accessories  and 
management  tools  to  maintain  that  level  of  availability 
over  time.  Our  expert  Configure-to-Order  Team  can 
custom  tailor  a  complete  rack-mount  solution  to  suit 
your  specific  requirements.  Contact  APC  today  and 
protect  your  rack  application  with  Legendary  Reliability '. 


Air  Distribution  Unit 


A  unique  2U  rack-mounted  fan  tray  unit  that  connects  into  raised 
floors  and  pulls  conditioned  air  directly  into  the  enclosure 

•  Dual  fans  provide  increased  air  flow  needed  to  cool  densely  packed  equipment 

•  Improves  air  delivery  in  poor  static  pressure  areas 

•  Enhances  air  quality  to  rack  equipment  by  providing  30%  efficient  filtration 

•  Adjustable  depth  to  fit  most  leading  enclosures 

NetShelter®  VX  Enclosures 


Next  generation,  high-quality  enclosures 

•  Fully  ventilated  front  and  rear  doors  with  enhanced  ventilation  pattern  maximize  airflow 

•  Overhead,  base  and  side  cable  access  provide  easy,  integrated  cable  management 

•  Rear  Cabling  Channel  (42"-deep  versions  only)  allows  for  easy  installation, 
access  and  serviceability  of  both  data  cables  and  power  distribution 

•  Available  in  multiple  configurations:  35.5"-deep,  42"-deep,  beige  or  black 


NetShelter®  Open  Frame  Racks 

Economical  open  frame  solutions  for  wiring  closets  and  data  center 
networking  applications 

•  Designed  to  accommodate  networking  devices  such  as  hubs,  routers  and  switches 

•  Industry  standard  7'-high  design  provides  45U  of  equipment  mounting  space 

•  Self-squaring  design  allows  one-person  assembly 

•  Made  of  high-strength  6061 -T6,  structural-grade  aluminum 

MasterSwitch™  Series _ 

Remote  power  distribution  for  network  administrators 

•  Users  can  configure  the  sequence  in  which  power  is  „  » 

provided  to  individual  receptacles  upon  start-up  .  #.■  -  ■"***  .. 

•  Built-in  Ethernet  interface  for  direct  connection  to  LAN  „  „ 

•  Individually  control  8  on-board  power  outlets  for  shown  mounted  inside  a 

complete  and  flexible  management  of  attached  equipment  NetShelter*  VX 

KVM  Switches _ 

Server  switches  designed  to  increase  system  availability  and  manageability 

•  4  and  8-port  models  available:  expandable  to  support  up  to  64  servers 

•  Models  available  that  support  Sun,  USB  and  PC  servers  simultaneously 

•  Built-in  scanning  feature  allows  you  to  automatically  monitor  your 
computers  without  intervention 

•  On  Screen  Display  (OSD)  functionality,  advanced  security  features 


ProtectNet® 


Data  line  surge  suppressors  for  comprehensive  network/PC  system  protection 

•  Protects  against  surges  and  electrostatic  discharge  traveling  through  data  lines 


LCD  Monitors 


High  quality  rack-mount  LCD  monitors  designed  to  maximize 
space  in  a  data  center  environment 

•  Provides  optimal  functionality  while  utilizing  only  1U  (1.75")  of  rack  space 

•  Includes  15"  LCD  monitor,  integrated  keyboard  and  integrated  pointing  device 

Cables _ 

•  APC  offers  a  comprehensive  line  of  cables  and  connectivity  solutions  to 
fulfill  the  connectivity  requirements  of  any  application  or  environment 


FREE  APC  Multiple  Outlet  Rack-mounted 
strip  for  the  first  100  entrants! 

To  order:  Visit  http://promo. ape.  com  Key  Code  f306y  •  Call  888-289-APCC  xB41 9 


All  entrants  will  receive 
APC's  "Solutions  for 
Business  Networks" 

Fax  401-788-2797 


Legendary  Reliability 


apcc  com  •  132  Fairgrounds  Ftoad.  West  Kingston.  Rl  02892  USA 


©2002  American  Power  Conversion.  All  Trademarks  are  the  property  of  their  owners  APC4A1  EF-USh  •  PowerFax  (8001 347-FAXX  •  E-mail  esuppon® 


Book  Excerpt  |  Leadership 


MANAGING 


peo 

Ipolitics 


Line  up  partners,  position  your  enemies,  and  control 
those  on  the  fence— six  lessons  in  being  a  leader 

BY  RONALD  A.  HEIFETZ  AND  MARTY  LINSKY 


\ 


Staying  Alive  through  the 
Dangers  of  Leading 

Ronald  A.  Heifetz 
Marty  Unsky 


Reprinted  with  permission  of 
Harvard  Business  School  Press. 
Excerpted  from  Leadership  on  the 
Line:  Staying  Alive  Through  the 
Dangers  of  Leading 
by  Ronald  A.  Heifetz  and 
Marty  Linsky. 

Copyright  2002  by  Ronald  A. 
Heifetz  and  Marty  Linsky. 


ONE  OF  THE  DISTINGUISHING  QUALITIES  OF  SUCCESSFUL 

people  who  lead  in  any  field  is  the  emphasis  they  place  on  per¬ 
sonal  relationships.  This  is  certainly  true  for  those  in  elective 
office,  for  whom  personal  relationships  are  as  vital  as  air  is  to 
breathing.  The  critical  resource  is  access,  and  so  the  greatest 
care  is  given  to  creating  and  nurturing  networks  of  people 
whom  they  can  call  on,  work  with  and  engage  in  addressing  the 
issue  at  hand. 

There  are  six  essential  aspects  of  thinking  politically  in  the 
exercise  of  leadership:  one  for  dealing  with  people  who  are 
with  you  on  the  issue,  one  for  managing  those  who  are  in 


9  6  CIO  JUNE  15,  2002 


www.cio.com 


PHOTO  BY  ALBERTO  CAPOLINO 


y^fryy,  .^>*1:^7 


Analysis  of  Key  Business  Initiatives 


Report  on  Increased  Downtime 
of  Mobile  Sales  Force  — — ^ 


Memo  on  Revenue  Impact  of 
Application  &  Systems  Failures 


Initiatives  to  Improve  Security  Caps 


.  ,  ,  -  -,rW. 


V** *  **fc *; ;  ’* ; 
■'<’.-  t* -?V. 

*■  |  ' 

.  ;  -  ' 


ISf&g 

*  >\  r  v 

1  ±r.  V-  .V.  %  e».  '  V  V  t  v 

£t  *  .  *  •  .  .  t 

ife&z&C'i'X 

Justifying  technology  investments  in  today’s  economy  is  an  uphill  battle.  How  can  you  concentrate  on  core  business  matters  such 
as  productivity  and  profitability,  and  still  have  time  to  manage  day-to-day  demands?  Fortunately,  there  is  a  company  that  will 
help  you  deliver  on  all  fronts.  Whether  you  need  complete  project  oversight,  managed  services  or  IT  support  staff.  Proven  IT 
value  realization  methodologies  and  ROI  metrics  that  ensure  quantifiable  results,  effective  project  governance  and  quality 
assurance.  Who  is  this  company?  It’s  the  one  Fortune  1000  companies  have  turned  to  for  the  past  30  years  for  proven 
technology  solutions.  For  more  information,  call  800-SPHERION  or  visit  www.spheriontechnology.com. 


©2002  Spherion  Pacific  Enterprises  uc  All  Rights  Reserved 


_l_ 

spherion 

technology 


Book  Excerpt 


Leadership 


opposition,  and  four  for  working  with 
those  who  are  uncommitted  but  wary — 
the  people  you  are  trying  to  move. 

FIND  PARTNERS 

Finding  partners  is  sometimes  easier  said 
than  done.  Both  your  own  faction  and 
other  camps  will  happily  watch  you  take 
on  the  challenge  alone. 

Partners  might  push  their  own  ideas, 
compromising  your  own.  Connecting 
with  them  takes  time,  slowing  you  down. 
And  working  with  a  group  might  dilute 
your  leadership — a  drawback  if  it  is 
important  that  you  get  credit,  or  if  you 
want  to  reassure  yourself  and  others  of 
your  competence. 

Tom  Edwards  and  Bill  Monahan 
worked  in  different  parts  of  a  manufactur¬ 
ing  company  in  the  Northwest.  Tom,  who 
worked  in  information  technology,  had 
found  in  Bill,  who  worked  in  sales,  a  reli¬ 
able  ally  for  moving  the  company  kicking 
and  screaming  into  the  world  of  high-speed 
IT.  Bill  not  only  worked  on  the  IT  adapta¬ 
tion  within  his  own  group,  but  he  gave 
Tom  credibility  on  the  issue  companywide. 

Tom  and  Bill  were  also  good  friends, 
and  their  families  socialized  with  one 
another.  One  evening  over  dinner,  Tom 
shared  with  Bill  his  strategy  for  getting 
the  senior  management  team  to  approve 
the  purchase  of  a  new  information  man¬ 
agement  system  at  a  meeting  the  next 
day.  In  the  long  run,  the  new  system 
would  save  the  company  millions  of  dol¬ 
lars,  but  in  the  short  run  implementa¬ 
tion  required  a  difficult  and  painful  tran¬ 


sition  in  which  some  folks,  including 
some  people  in  sales,  would  probably 
lose  their  jobs. 

Tom  sensed  some  coolness  in  Bill  after 
he  laid  out  his  plan  and  asked  whether 
something  bothered  him.  “I  wish  you 
hadn’t  told  me,”  Bill  said.  “I  need  to  pro¬ 
tect  my  people  on  this  one,  and  now 
you’ve  given  me  some  important  infor¬ 
mation  as  to  how  I  can  do  that  before 
tomorrow’s  meeting.” 

In  the  end,  Tom  did  not  lose  the 
alliance  because  Bill  had  openly  shared 
his  conflicting  loyalties.  But  more  often 
in  such  cases,  an  ally  like  Bill  would  have 
just  listened,  and  in  the  end,  he  might  be 
tempted  by  the  easier  option  of  staying 
loyal  to  his  sales  group  and,  in  their  inter¬ 
est,  abandon  Tom.  All  the  while,  a  per¬ 
son  in  Tom’s  shoes  might  show  up  at  the 
meeting  thinking  he  had  done  his  ground¬ 
work,  only  to  find  that  his  ally  had  done 
some  preparation  too  and  was  taking 
action  to  derail  the  project. 

It’s  a  mistake  to  go  it  alone.  Before 
your  next  meeting,  first  make  sure  you’ve 
made  the  advance  phone  calls,  tested  the 
waters,  refined  your  approach  and  lined 
up  supporters.  But  in  the  process,  find  out 
what  you  are  asking  of  your  potential 
partners.  Know  their  existing  alliances 
and  loyalties  so  that  you  realize  how  far 
you  are  asking  them  to  stretch  if  they  are 
to  collaborate  with  you. 

KEEP  THE  OPPOSITION  CLOSE 

To  survive  and  succeed  in  exercising  lead¬ 
ership,  you  must  work  as  closely  with 


your  opponents  as  you  do  with  your  sup¬ 
porters.  Most  of  us  cringe  at  spending 
time  with  and  especially  taking  abuse 
from  people  who  do  not  share  our  vision 
or  passion.  Too  often  we  take  the  easy 
road,  ignoring  our  opponents  and  concen¬ 
trating  on  building  an  affirmative  coali¬ 
tion.  But  rather  than  simply  recognizing 
your  own  anxiety  and  plowing  ahead,  you 
need  to  read  this  anxiety  both  as  a  vulner¬ 
ability  on  your  part  and  as  a  signal  about 
the  threat  you  represent  to  the  opposing 
factions.  These  are  clues  to  the  resistance 
you  will  face,  made  worse  if  you  do  not 
engage  with  your  opposition. 

People  who  oppose  what  you  are  try¬ 
ing  to  accomplish  are  usually  those  with 
the  most  to  lose  by  your  success.  In  con¬ 
trast,  your  allies  have  the  least  to  lose.  In 
other  words,  opponents  who  torn  around 
pay  dearly  in  terms  of  disloyalty  to  their 
own  roots  and  constituency;  for  your 
allies  to  come  along  may  cost  nothing. 
For  that  reason,  your  opponents  deserve 
more  of  your  attention,  as  a  matter  of 
compassion  as  well  as  a  tactic  of  strategy 
and  survival. 

Keeping  your  opposition  close  con¬ 
nects  you  with  your  diagnostic  job  too. 
If  it  is  crucial  to  know  where  people  are 
at,  then  the  people  most  critical  to  under¬ 
stand  are  those  likely  to  be  the  most  upset 
by  your  agenda. 

While  relationships  with 
allies  and  opponents  are 
essential,  it’s  also  true 
that  the  people  who 
determine  your  success  are  often  those  in 
the  middle,  who  resist  your  initiative 
merely  because  it  will  disrupt  their  life 
and  make  their  future  uncertain.  You 
need  to  ensure  that  their  general  resist¬ 
ance  to  change  doesn’t  morph  into  a 
mobilization  to  push  you  aside.  What  fol¬ 
lows  are  four  steps  you  can  take  that  are 
specifically  focused  on  them. 

Continued  on  Page  116 


The  people  who  determine  your 
success  are  often  those  in  the 
middle,  who  resist  because  it  will 
make  their  future  uncertain. 


98  CIO  JUNE  15,  2002  •  www.cio.com 


i4iu±r* 

» 

7) 

! 

sV 

We  need  global  scalability  without  overspending 


We're  losing  our  competitive  edge — what's  IT  going  to  do  about  it? 


Don't  take  the  heat  for 
infrastructure  limitations 


Yesterday's  centralized  infrastructure  melts  under  today's  e-business  demands. 
Akamai  eliminates  the  need  for  costly  overprovisioning  via  a  massively  distributed 
secure  computing  platform,  enabling  enterprises  to  instantly  access  customers, 
partners,  and  suppliers.  With  on-demand  scalability,  reliability,  and  global  reach, 
Akamai  increases  productivity  across  the  enterprise  and  provides  a  superior  user 
experience — contributing  to  bottom-line  savings  and  top-line  growth. 


Learn  how  your  e-business  can  benefit  from  Akamai  Technologies,  Inc 

get  our  Executive  Guide  to  E-Business  Infrastructure: 


www,akamai,com/CIOniag 


Akamai 


©  2002  Akamai  Technologies,  Inc.  All  Rights  Reserved.  Akamai  and  the  Akamai  logo  are  registered  trademarks.  All  other  trademarks  contained  herein  are  the  property  of  their  respective  owners. 


CIO  ADVERTISING  SUPPLEMENT 


E-BUSINESS:  PAYOFFS  &  PARTNERSHIPS  |  TALK  ISN'T  CHEAP 


TALK  ISN’T  CHEAP 

COMPANIES  REAP  PAYOFFS  WHEN  THEY  ALIGN  -  AND 
COMMUNICATE  -  NEW  E-BIZ  PROCESSES  AND  SYSTEMS 


OTICE  ALL  THE  TALK  LATE- 
ly  about  collaboration? 

This  is  the  other  half 
of  e-business;  without 
collaboration,  the  sell  side 

—  customer- facing  inter¬ 
actions  and  transactions 

—  cannot  deliver. 

And  deliver  it  must. 

Observers  estimate  that 
roughly  7  percent  of  overall  revenues 
are  now  generated  online.  In  five  years, 
predicts  Forrester  Research,  online 
business  will  account  for  20  percent  of 
overall  revenues. 

“E-business  —  its  technologies  and 
models  —  is  not  a  fad,”  says  Ralph  Wel- 
born,  senior  vice  president  at  KPMG 
Consulting.  “The  connectivity  —  of 
processes,  protocols  and  other  forms  of 
technology  —  is  becoming  ubiquitous 
and  essential  for  everyday  business.” 

Meanwhile,  the  potential  for  e- 
business-based  cost  reductions  and 
productivity  improvements  is  just 
beginning  to  be  realized.  For  instance, 
by  automating  its  purchasing,  FedEx 
has  reduced  procurement  cycle  times 
by  20-to-70  percent  and  cut  the  num¬ 
ber  of  its  suppliers  in  half.  Research  by 
MIT’s  Center  for  eBusiness  cites  abun¬ 
dant  payoffs  from  collaborative  e-busi¬ 
ness:  up  to  50-percent  inventory 
reductions,  and  40-percent  improve¬ 
ments  in  on-time  delivery. 

PROCESS  FIRST 

The  benefits  from  e-business  applica¬ 
tions  are  greatest  when  companies  first 


re-design  their  processes  and  then 
bring  in  technology  to  implement  and 
support  these  new  processes.  Accord¬ 
ing  to  Andrew  Bartels,  research  leader, 
e-business  applications  and  strategies, 
at  Giga  Information  Group,  “Failures 
arise  when  companies  introduce  the 
applications  without  changing  business 
processes.” 

A  glance  at  the  trouble  spots 
makes  it  clear  that  both  processes  and 


technologies  must  be  adjusted  to  fos¬ 
ter  interactions  not  only  across  an 
enterprise  but  between  them. 

“Many  corporations  have  hugely 
disparate  networking  systems  that 
don’t  fully  and  efficiently  support  their 
needs,”  says  Jorge  Blanco,  director  of 
strategy  and  planning  at  Avaya  Inc.  “In 
the  absolute  worse-case  scenario,  the 
system  actually  thwarts  the  ability  of 
the  company  to  be  responsive.” 


THE  ROI  OF 

COLLABORATION  TECHNOLOGIES 

Hints  about  the  payback  potential  of  collaboration  technologies  can  be 
found  at  companies  like  IBM,  which  claims  annual  savings  of  $100  million 
thanks  to  investments  that  enable  mobile  and  telecommuting  employees  to 
interact.  Similarly,  AT&T  (where  49  percent  of  managers  telecommute  at 
least  one  day  a  month  and  10  percent  do  it  full  time)  reports  $25  million  a 
year  just  in  real  estate  cost  reductions. 

Hands  down,  the  key  collaborative  application  today  is  e-mail,  which  has 
been  so  successful  at  enabling  interaction  across  time  zones  and  systems 
diversity  that  new  capabilities  are  emerging:  instant  messaging,  document 
sharing,  content  management  and  web  conferencing. 

Issues  to  consider  when  deploying  collaborative  technologies: 

■  SECURITY.  Many  organizations  outsource  to  secure  their  collaborative  systems, 
so  it’s  important  to  make  sure  these  capabilities  are  sufficient  and  appropriate. 

■  SYSTEMS  AND  PROCEDURES.  Workplace  habits  sprout  around  use  of  collabo¬ 
rative  technologies;  these  need  to  be  designed  —  via  such  constructs  as  vir¬ 
tual  teaming,  communities  of  practice,  threaded  discussions,  etc.  —  to  help 
realize  enterprise  goals. 

■  CONTENT  MANAGEMENT.  Emerging  technologies  help  collaborators  deal  with 
information  inundation,  automating  aspects  of  information  sharing  and 
routine  workflows. 


STRATEGIC  DIRECTIONS  3 


CIO  ADVERTISING  SUPPLEMENT 


E-BUSINESS:  PAYOFFS  &  PARTNERSHIPS  I  TALK  ISN'T  CHEAP 


It’s  not  hard  to  see  why: 

■  Data  important  to  decision-making 
remains  isolated  in  functional  silos, 
unavailable  to  other  systems, 

■  Single-task  applications  don’t  take 
into  account  and  so  don’t  respond  to 
the  impact  of  broader  dynamics  and 
conditions, 

■  Functionally-oriented  chunks  of  IT 
infrastructure  can’t  respond  to  cross¬ 
company  demands  and  share  data  only 
with  difficulty  (if  at  all). 

KEYS  TO  E-BUSINESS  STRATEGY 

In  order  to  achieve  the  desired  charac¬ 
teristics  of  a  uniform  e-business  infra¬ 
structure,  Kieran  Taylor,  director, 
product  marketing,  at  Akamai  Tech¬ 
nologies,  says  enterprises  must  elimi¬ 
nate  the  Internet  as  the  single  point  of 


failure  and  reduce  the  overall  complex¬ 
ity  in  their  infrastructures. 

KPMG  Consulting’s  Welborn 
suggests  several  strategic  initiatives 
CIOs  can  launch  to  realize  this  vision: 

■  SET  UP  PROJECT  OFFICES  to  oversee  IT 
investments,  support  projects  through 
standardized  methodologies,  control 
project  progress,  better  plan  for 
resources,  etc.; 

■  IMPLEMENT  QUALITY  PROGRAMS  to 

define  and  monitor  key  performance 
metrics  (six  sigma,  etc.); 

■  ESTABLISH  COST  MANAGEMENT  PRO¬ 
GRAM  OFFICES  to  realize  savings  in  con¬ 
solidating  servers  and  networks,  better 
managing  software  licenses,  off- shoring 
development,  renegotiating  with  ven¬ 
dors,  outsourcing  data  centers,  etc.; 

■  REFRESH  THE  TECHNOLOGY  INFRA¬ 


STRUCTURE  to  deploy  more  effective 
technologies  —  such  as  IP  telephony, 
thin  clients,  IP-ready  corporate  net¬ 
works,  etc.  —  with  the  assistance  of 
key  partners  and  vendors; 

■  OUTSOURCE  KEY  DOMAINS  OF  THE  IT 
INFRASTRUCTURE  when  appropriate, 
such  as  data  center  operations,  field  sup¬ 
port,  etc. 

“It’s  critical,”  Welborn  notes,  that 
e-business  initiatives  “be  seen  as  capabil¬ 
ity-enhancing  and  as  developers  of  assets 
that  can  accelerate  the  creation  of  value.” 

He  recommends  aggressively  seek¬ 
ing  out  the  assets  and  incremental 
capabilities  that  are  being  developed 
and  ensuring  that  these  assets  can  be 
and  are  being  leveraged  elsewhere  — 
whether  internally  or  externally  to  the 
organization.  SD 


-business  is  about  communication.  Faster,  easier,  more  flex- 

Eible  and  intuitive  ways  of  exchanging  information  is  what 
makes  e-business  possible.  Cingular  Wireless,  a  leader  in 
mobile  voice  and  data  communications  and  the  second 
largest  wireless  company  in  the  U.S.,  employs  a  variety  of 
x  );  f  robust  and  advanced  digital  technologies  to  help  customers 
build  wireless  strategies  around  their  own 
unique  organizational  needs  and  e-business 
demands.  Using  both  Mobitex  and  GSM  net¬ 
works  in  various  parts  of  the  nation,  Cingular 
delivers  high  quality  digital  voice,  messaging 
and  data  products  to  the  wireless  community. 

MOBITEX  HAS  YOU  COVERED 

Cingular  operates  a  nationwide  Mobitex  network,  covering  93  percent  of 
the  urban  business  population  in  the  U.S.  A  packet-switched  radio  technol¬ 
ogy,  Mobitex  provides  always-on  instant  two-way  messaging  and  data  deliv¬ 
ery  service  to  customers  across  the  country  and  is  a  preferred  choice  for 
wireless  communications.  What’s  more,  Cingular’s  Wireless  Mobitex  net¬ 
work  has  been  optimized  for  the  in-building  coverage  and  device  battery  life 
looked-for  by  e-business  customers.  Mobitex  has  networks  operating  in  22 
countries. 


GSM  is  currently  the  world’s  dominant  standard  as  well  as  the  fastest  grow¬ 
ing  wireless  telecommunications  technology  in  the  world  today.  Even  so, 
Cingular  has  already  launched  the  next  generation  of  wireless  and  voice 
networks  in  its  GSM  markets  —  these  GPRS  packet  networks  can  carry 
voice  and  data  at  speeds  of  up  to  115kbps, 

Cingular  Wireless  serves  more  than  21.6 
million  customers  in  38  states,  the  District  of 
Columbia  and  two  US  territories.  Cingular 
operates  in  42  of  the  top  50  markets  nation¬ 
wide.  Cingular  Wireless  operates  its  Mobitex 
data  service  throughout  the  United  States, 
covering  more  than  93  percent  of  the  urban 
business  population  located  in  492 
Metropolitan  Statistical  Areas  (MSAs)  and  non-MSAs  with  f  total  population 
of  200  million  people. 

3G,  or  the  third  generation  of  wireless  is  just  around  the  corner,  and 
Cingular  is  leading  the  way  with  leading-edge  solutions  for  e-business  com¬ 
munication  needs. 


For  more  information  on  Cingular’s  Wireless  solutions,  visit 
www.cingular.com 


X  cingular 

WIRELESS 

What  do  you  have  to  say? 


4  STRATEGIC  DIRECTIONS 


mm 


"f  yS  A 


■■■■  ■■■■•;•■•  ■  ,'•;■  - 


.  ....,,  .  -  V 


SYMBOL 

SPACE 


When  RIM,  developer  of  BlackBerry,M,  needed  a  reliable  network  partner,  they  looked  to  us.  So  it's 
only  natural  that  we  chose  BlackBerry  as  a  wireless  e-mail  solution  for  our  customers.  Handling 
over  9  million  secure  e-mails  everyday,  we  help  businesses  keep  things  moving  by  sharing 
information  anytime  and  anywhere.  It's  just  one  way  we  help  build  wireless  solutions  around  our 
customers'  specific  needs.  Maybe  it's  time  we  talked.  Give  us  a  call  at  1-866-446-7594,  or  visit  us  at 
www.cingular.com/business.  Also,  feel  free  to  download  our  "orange"  paper,  Executive  Guide  to 
Wireless  Data  Strategies,  when  you  visit  our  website. 


X  cingular 

WIRELESS 

What  do  you  have  to  say?1" 


BLACKBERRY 


W  I  H  I  l  l  S  t  tUAtl  SOtUTlON 


Cingular  Wireless,  "What  do  you  have  to  say?"  and  the  graphic  icon  are  Service  Marks  of  Cingular  Wireless  LLC.  ©2002  Cingular  Wireless  LLC.  The  BlackBerry  and  RIM  families  of  related  marks,  images  and  symbols  are  the  exclusive  properties  and  trademarks  or 
registered  trademarks  of  Research  In  Motion  Limited  -  used  by  permission  The  RIM  950  and  RIM  957  wireless  handhelds  operate  on  the  Cingular  Network. 


CIO  ADVERTISING  SUPPLEMENT 


E-BUSINESS:  PAYOFFS  &  PARTNERSHIPS  I  INTEGRATION 


INTEGRATION 


YES,  SYSTEMS  INTEGRATION  COSTS  MONEY, 

BUT  LACK  OF  IT  COSTS  BUSINESS 


orge  Blanco,  direc- 
tor  of  strategy  and  plan¬ 
ning  at  Avaya,  says  there 
is  absolutely  no  question: 
“The  tighter  the  integra¬ 
tion  of  various  IT  sys  ¬ 
tems,  the  greater  the 
ability  to  conduct  e-busi¬ 
ness  productively  and 
efficiently.” 

An  early-2002  study  by 
NerveWire  bears  this  out,  finding  that 
the  most  highly-integrated  companies 
see  revenue  boosts  that  average  40 
percent,  customer  retention  improve¬ 
ments  of  35  percent  and  cost  reduc¬ 
tions  of  30  percent.  What  distinguish¬ 
es  companies  with  these  results? 
They’ve  redesigned  their  processes 
and  learned  to  exploit  shared  applica¬ 
tions  and  databases. 

A  TREMENDOUS  MESS” 

Many  companies  have  invested  millions 
in  their  existing  infrastructure,  points 
out  Jon  Chun,  CEO  of  SafeWeb,  Inc. 
“Their  business  depends  on  their  exist¬ 
ing  systems,  which  they  will  not,  and 
cannot,  get  rid  of,”  Chun  says.  The 
challenge  for  IT  decision-makers  is  to 
find  new  technologies  that  interoper¬ 
ate  with  existing  systems  without 
adding  to  the  complexity  or  overhead. 


This  doesn’t  come  cheap.  On 
average,  integration  costs  claim  almost 
25  percent  of  IT  budgets,  according  to 
one  survey. 

“Companies  find  themselves  with 
a  tremendous  mess,”  says  Julie  Giera, 
research  fellow,  IT  services,  at  Giga 
Information  Group.  Millions  of  dol¬ 
lars  have  been  spent  to  create  these 
isolated  solutions  in  each  business 
unit,  none  of  which  are  integrated 
with  the  rest  of  the  computing  plat¬ 
forms.  “It  becomes  expensive  to 
maintain  and  almost  prohibitively 
complex  to  enhance,”  Giera  says. 

WHY  WEB  SERVICES  MATTER 

“Web  services  enable  the  rapid  deploy¬ 
ment  of  system  integration  solutions 
both  within  the  enterprise  and  between 
partners  or  suppliers,”  says  Richard 
Bell,  director,  product  marketing,  at 
Akamai  Technologies,  “because  they 
provide  a  standard  interface  between 
different  systems.” 

Delivered  over  the  Internet,  web 
services  applications  will  work  on  vir¬ 
tually  any  device,  from  PC  to  cell¬ 
phone,  and  can  be  mixed  and  matched 
as  desired  by  users.  Because  web  serv¬ 
ices  employ  a  common  set  of  standards 
and  protocols,  disparate  systems  can 
share  data  and  services  without  custom 


coding.  The  result:  dynamic,  realtime 
connectivity  between  the  online  opera¬ 
tions  of  different  organizations. 

This  is  the  first  time,  notes  Mike 
Gilpin,  research  fellow,  application 
infrastructure,  at  Giga  Information 
Group,  that  such  a  broad  cross-section 
of  vendors  has  agreed  on  such  a  funda¬ 
mental  tool  for  the  integration  of  soft¬ 
ware  applications.  “It  will  take  a  few 
years  for  this  broad  support  to  be  fully 
delivered,”  Gilpin  says,  “but  it  is 
already  clear  that  the  support  is  there, 
and  it  will  facilitate  much  easier  inte¬ 
gration  of  applications  both  within  and 
among  companies  in  a  value  chain.” 

It’s  been  estimated  that  web  serv¬ 
ices  will  reduce  costs  associated  with 
developing  system  interfaces  —  mid¬ 
dleware  —  by  as  much  as  20  percent. 

ENTERPRISE  SECURITY 

In  order  to  stay  competitive,”  says  Jon 
Chun,  CEO  of  SafeWeb,  Inc.,  compa¬ 
nies  need  to  extend  their  internal 
resources  to  remote  users  and  provide 
global  customers  with  instantaneous 
information.  “But  they  must  also  pro¬ 
tect  and  secure  this  information  as  it 
travels,”  Chun  says. 

This  means  having  the  capacity  to: 
■  DEFLECT  ATTACKS  with  hardening 
techniques  (encryption,  virtual  private 


6  STRATEGIC  DIRECTIONS 


CIO  ADVERTISING  SUPPLEMENT 


E-BUSINESS:  PAYOFFS  &  PARTNERSHIPS  I INTEGRATION 


CASE  STUDY 


For  Tim  Plzak,  director,  advanced  technology,  Limited 
Technology  Services,  provider  of  information  technology 
services  and  support  to  the  parent  company  of  Victoria’s 
Secret,  there  are  compelling  reasons  for  turning  to  an  e- 
business  infrastructure  solutions  provider. 

“Start  with  cost,”  says  Plzak,  “Not  just  to  build,  but  to 
expand  capacity  or  increase  scalability  of  your  web  presence.  Those  num¬ 
bers  grow  very  quickly.” 

And,  he  continues,  even  if  you  are  willing  to  tackle  the  seen  and  unfore¬ 
seen  costs,  do  you  have  the  core  competencies  required,  do  you  have  the 
resources  available?  Because  at  the  end  of  the  day,  “downtime  and  per¬ 
formance  issues  typically  result  in  lost  business,  lost  revenue.” 

“We’ve  seen  significant,  true  total-cost-of-ownership  savings  because 
of  our  partnership  with  Akamai,”  he  reports. 

Akamai  is  a  leading  provider  of  secure,  outsourced  e-business  infra¬ 
structure  services  and  software.  Plzak  has  leveraged  Akamai’s  infrastruc¬ 
ture,  which,  he  says,  means  “we  actually  have  to  build  less  to  deliver  more, 
faster.  As  importantly,  by  offering  a  site  end-users  can  rely  on,  we  have 
strengthened  our  brand  equity.” 

DISTRIBUTED  IS  BETTER 

And  Plzak  believes  strongly  in  a  distributed  e-business  infrastructure  as  the 
way  to  build  a  secure,  reliable,  high  performing  website  that  will  keep  cus¬ 
tomers  committed  to  the  Victoria  Secret  brand. 

“From  the  end-user  perspective,  we’ve  dramatically  increased  reliabili¬ 
ty  and  performance  by  serving  up  content  from  the  edge,  from  the  Akamai 
servers  closest  to  our  customer,”  he  explains. 

“Simply  put,  distributed  is  better  because  it  reduces  your  business  and 


bandwidth  risk,  as  well  as  single- 
point-of-failure  issues,”  he  says.  “And 
thanks  to  Akamai’s  architecture,  dis¬ 
tributed  is  more  secure  than  ever.” 

“Enterprises  may  think  it’s  too  dif¬ 
ficult  to  engage  with  a  partner  and 
distribute  content  from  the  edge,  but 
the  reality  is  that  the  learning  curve  is 
extremely  fast  on  all  Akamai  prod¬ 
ucts,”  says  Plzak. 

FLAWLESS 
PERFORMANCE 

Victoria’s  Secret  has  already  leveraged  Akamai  to  distribute  content  and 
streaming  media,  while  Akamai’s  FirstPoint  load  balancing  solution  and  SSL 
secure  caching  service  played  significant  roles  in  the  success  of  the 
Victoria’s  Secret  webcast  fashion  shows. 

“We  dynamically  monitored  the  performance  of  the  website  throughout 
the  events,  distributing  content  and  users  appropriately  —  we  were 
streaming  the  webcast  video  at  unprecedented  levels,”  he  says.  “We  did 
shop  while  you  watch,  handling  astonishing  bursts  of  traffic.  And  we  man¬ 
aged  that  whole  process  through  an  SSL  network  built  in  partnership  with 
Akamai  just  for  the  event.  It  performed  flawlessly.” 

Plzak  has  a  lot  of  respect  for  Akamai’s  vision  and  technical  acumen  and 
is  looking  forward  to  exploring  opportunities  for  EdgeSuite,  which  supports 
application  serving  from  the  edge. 


For  more  information,  visit  www.akamai.com/CIOmag 


Tim  Plzak 

director,  advanced  technologq 
Limited  Technologq  Services 


networks,  firewalls),  backup  capabili¬ 
ties,  authentication  and  access  control, 
configuration  management, 

■  RECOGNIZE  INTRUSIONS  AND  LIMIT 
THEIR  DAMAGE  using  tools  that  moni¬ 
tor  systems  and  networks,  filter  con¬ 
tent,  scan  for  viruses,  identify  intrusion 
patterns, 

■  RESTORE  SERVICES  AFTER  AN  ATTACK 
OR  FAILURE,  relying  on  business  conti¬ 
nuity  plans,  redundancies  and  backup, 

■  ANALYZE  SECURITY  INCIDENTS  to  learn 
from  past  incidents, 

■  MANAGE  SECURITY  ENTERPRISEWIDE 


with  security  information  management 
products. 

Security  product  vendors  have 
been  combining  once-distinct  capabil¬ 
ities,  such  as  firewall  and  VPN,  in  a  sin¬ 
gle  appliance  that  costs  less  and  fea¬ 
tures  plug-and-play  ease  of  use. 

SafeWeb’s  SEA  Tsunami  appli¬ 
ance  takes  the  model  a  step  further 
by  embedding  multiple  technologies 
into  one  security  appliance  that  plugs 
into  existing  networks.  With  it,  com¬ 
panies  can  quickly  build  secure,  lega¬ 
cy-compatible  extranets  that  enable 


remote  users  to  access  network 
resources  via  web  browsers.  Admin¬ 
istrators  use  the  same  browser  to 
centrally  manage  all  remote  users  as 
well  as  to  customize  access  control 
and  user  portal  design. 

THE  STORAGE  YOU  NEED 

So  much  data  is  captured  by  modern 
24X7-style  operations,  says  Ralph  Wel- 
born,  senior  vice  president  at  KPMG 
Consulting,  that  the  overall  cost  of 
enterprise  storage  is,  in  many  cases, 
growing  more  rapidly  than  the  cost  of 


STRATEGIC  DIRECTIONS  7 


CIO  ADVERTISING  SUPPLEMENT 


E-BDSINESS:  PAYOFFS  &  PARTNERSHIPS  I  INTEGRATION 


WHAT  ARE 

WEB  SERVICES? 

A  means  of  integrating  diverse  applications  and  systems  that  are  linked  to  an 
Internet  protocol  (IP)  backbone,  web  services  are  founded  on  an  architecture 
that  defines  ways  to  communicate  by  means  of  several  standards.  These 
include  the  data  exchange  standard,  XML,  as  well  as  three  others: 

■  Simple  object  access  protocol  (SOAP)  for  transferring  data, 

■  Web  services  description  language  (WSDL)  for  describing  available  services 
and 

■  Universal  description,  discovery  and  integration  (UDDI)  for  listing  available 
services. 

Major  vendors,  including  Microsoft  (.NET),  Sun  Microsystems  (iPlanet),  IBM 
(WebSphere)  and  Hewlett-Packard  (NetAction)  have  invested  heavily  in  devel¬ 
oping  web  services. 


the  servers  and  other  computer  equip¬ 
ment  needed  to  access  and  process  the 
data  it  contains.  “This  means  that  a 
CIO  cannot  treat  all  data  equally,” 
Welborn  says.  “The  business  risk  of  los¬ 
ing  each  data  set  must  be  analyzed  and 
that  data  stored  in  a  manner  that  is 
appropriate  for  the  risk  of  loss  and  time 
of  recovery.” 

The  good  news  is  that  compre¬ 
hensive  storage  management  solutions 
are  now  available  from  Fujitsu  and 
TrueSAN.  And  the  new  Internet  small 
computer  systems  interface  (ISCSI) 
standard  promises  storage  and  retrieval 
at  gigabyte-per-second  speeds  over 
TCP/IP  networks. 

IP  MARRIES  VOICE  AND  DATA 

IP  telephony  solutions  available  now 
can  support  as  many  as  1  million  users 
on  a  network  and  deliver  all  the  quali¬ 
ty,  reliability  and  features  of  traditional 
PBXs  right  to  the  edge,  says  Avaya’s 
Blanco.  “Done  well,  IP  telephony  lets 
companies  work  more  efficiently  all 
through  the  network  —  whether  the 


network  supports  global,  campus, 
branch  or  remote  office  and  mobile  or 
home-based  workers,”  Blanco  says. 

Consider  JetBlue,  a  new  U.S.  air¬ 
line,  which  keeps  its  fares  as  much  as 
65  percent  below  rivals.  One  of  its 
secrets:  90  percent  of  reservations  are 
handled  either  online  or  by  home- 
based  agents  using  a  voice-over-IP 
(VoIP)  CRM  solution. 

Compared  to  analog  phones  tied  to 
traditional  PBXs,  VoIP  phones  (which 
are  connected  to  an  IP  telephone  data 
server  using  the  same  cabling  as  the  rest 
of  the  IT  network),  cost  less  to  install 
and  maintain.  And  the  poor  quality  trig¬ 
gered  by  network  congestion  and  pack¬ 
et  loss  have  been  addressed  by  quality- 
of-service  improvements. 

These  days  vendors  offer  con¬ 
verged  voice  and  data  solutions  of 
varying  combinations  and  strengths. 

Avaya’s  Unified  Communication 
solutions,  for  instance,  combine  voice, 
video,  data  collaboration,  and  directo¬ 
ry  access  capabilities.  Components 
include  unified  voice,  e-mail,  fax  and 


video;  multimedia  conferencing  and 
webcasting;  integrated  access  to  direc¬ 
tories  and  databases;  and  customizable 
calendaring,  scheduling  and  mobility 
handling. 

WHAT  ABOUT  WIRELESS? 

The  U.S.  lags  Europe  and  parts  of  Asia 
when  it  comes  to  wireless,  but  that’ll  be 
changing  soon,  and  IT  infrastructures 
will  have  to  be  adapted  to  an  increas¬ 
ingly  mobile  workforce.  Considerations: 

■  WIDESPREAD  3G  IS  ON  THE  WAY. 
“Third-generation  wireless  services  — 
defined  as  2 -Mbps  data  throughput  in- 
building,  384-kbps  walking  speed  and 
144-kbps  vehicular  speed  —  will  be 
available  in  2005,  in  an  average  traffic - 
load  situation,”  says  Brownlee 
Thomas,  research  director,  interna¬ 
tional  telecom  services,  at  Giga  Infor¬ 
mation  Group. 

■  MOBITEX  SERVICES  OFFER  A  3G  ALTER¬ 
NATIVE.  Always-on,  data-only,  packet- 
switched  Mobitex  services  are  much- 
used  by  public  transport  operators  in 
the  U.S.,  Europe  and  elsewhere.  A 
variety  of  devices,  including  Research 
in  Motion’s  BlackBerry,  work  with 
Mobitex.  In  the  U.S.,  Mobitex  servic¬ 
es  are  available  from  Cingular  Wireless. 

■  SUPPORTING  WI-FI.  “Many  companies 
find  that  mobility  results  in  increased 
productivity  and  that  increase  in  pro¬ 
ductivity  can  be  quantified,”  says  Stan 
Schatt,  research  leader,  communica¬ 
tions  and  networking,  Giga  Informa¬ 
tion  Group. 

Five  years  ago,  FedEx  began  using 
wireless  LANs  (wi-fi)  in  its  package 
sorting  and  aircraft  maintenance  oper¬ 
ations.  As  the  company  doubled  its  wi¬ 
fi  bandwidth  by  upgrading  proprietary 
systems  to  802. 1  lb-based  LANs,  it 
saw  productivity  leap  30  percent  at  its 
package  sorting  centers.  Now  FedEx  is 
implementing  wi-fi  across  two  cam¬ 
puses  as  an  extension  of  its  corporate 
network.  SD 


8  STRATEGIC  DIRECTIONS 


CIO  ADVERTISING  SUPPLEMENT 


FOR  HIPAA  COMPLIANCE,  NAMM  CALIFORNIA 
USES  SECURE  EXTRANET  APPLIANCES 


Although  NAMM  California  (North  American  Medical 

A  Management,  California)  still  relies  on  a  paper-based 
system  to  communicate  sensitive  reports  to  its  mem¬ 
ber  physician  groups,  Chuck  Wunderlich,  vice  presi¬ 
dent  of  e-business  and  applications  development,  has 
a  secure  electronic  vision  for  his  company. 

“What  I  envision  is  a  series  of  web  sites  we  create  for  the  use  of 
specified  physicians  groups  which  provide  sensitive  and  proprietary 
clinical  and  fiscal  information  from  us  to  them  in  a  HIPAA-compliant 
environment,”  says  Wunderlich.  What’s  more,  he  wants  to  extend 
the  secure  electronic  services  NAMM  California  provides  to  mem¬ 
ber  groups  to  e-mail. 

“The  need  to  be  HIPAA-compliant  in  electronic  mediums  extends 
to  e-mail.  Physicians  can’t  even  discuss  a  case  with  each  other  via  e- 
mail  unless  that  e-mail  system  follows  HIPAA’s  guidelines  for  securi¬ 
ty,”  Wunderlich  notes.  “That’s  a  lot  of  complexity  for  most  physi¬ 
cian’s  groups  to  have  to  worry  about.  I  want  to  help  our  physician’s 
groups  share  information  with  us  and  each  other  in  a  safe  and 
secure  environment  —  it’s  a  way  NAMM  California  can  add  value  to 
the  services  we  deliver.” 

As  the  second  largest  healthcare  organization  in  the  nation’s 
largest  state,  NAMM  California  manages  a  wealth  of  protected 
healthcare  information.  Under  contract  with  numerous  physicians 
groups  throughout  California,  NAMM  California  manages  all  of  the 
doctors’  administrative  contact  with  HMOs  —  everything  from  pay¬ 
ing  claims  and  member  eligibility  to  customer  service.  And,  like  mem¬ 
bers  of  its  industry  nationwide,  NAMM  California  will  have  to  make 
all  electronic  communication  compliant  with  the  recently  released 
federal  Health  Insurance  Portability  and  Accountability  Act  (HIPAA). 

SAYING  NO  TO  VPN  COSTS 

“We  already  had  a  secure  VPN  for  employee  access  to  e-mail,” 
reports  Wunderlich.  “And  I  didn’t  want  the  same  complication  and 
expense  of  set-up  and  administration  for  my  project  —  in  particu¬ 
lar,  I  didn’t  relish  having  to  set-up,  install  and  support  the  client 
software  for  every  physician.  When  I  learned  about  SafeWeb  and 
what  they  were  offering,  I  knew  I  had  found  exactly  what  I  needed 
and  wanted.” 

According  to  Wunderlich,  SafeWeb’s  Secure  Extranet  Appliance 


SafeWeb's  Secure  Extranet  ippfiaace  (SEA)  Tsunami 


(SEA),  the  SEA  Tsunami,  can  give  NAMM  California’s  remote  users 
(physicians  groups)  secure  access  to  NAMM  California’s  corporate 
intranet  from  anywhere  and  at  any  time  using  just  a  Web  browser 
—  no  hardware,  software,  downloads,  reconfiguration,  Java  or 
Active  X. 

“There’s  no  need  for  the  lengthy  planning  that  must  be  done  with 
standard  VPN  solutions;  no  changes  are  needed  to  our  existing  net¬ 
work  infrastructure  and  there’s  no  need  to  install  any  special  client 
or  server  software,”  says  Wunderlich.  “With  just  a  standard  brows¬ 
er  and  password,  our  members  can  be  assured  that  all  of  their  com¬ 
munications  with  us  and  through  us  are  secure.  And  the  SEA  Tsuna¬ 
mi  centralizes  all  management  of  remote  users  —  administrators 
can  see  everything  using  a  simple  web  interface.  There’s  also  some 
quite  useable  portal  software  that  I’ve  found  to  be  very  flexible  and 
easy  to  use. 

“This  is  simply  the  right  product  for  my  project  because  it  costs 
less  and  is  orders  of  magnitude  easier  and  faster  to  deploy  and  sup¬ 
port  than  any  of  the  other  alternatives  available.” 

Currently  going  into  a  pilot  test  with  one  of  its  physician’s  groups, 
Wunderlich  is  excited  about  bringing  secure  electronic  transactions 
to  his  company’s  customers  and  he  is  confident  in  SafeWeb’s  ability 
to  help  him  reach  his  goal  cost  —  and  time  —  effectively. 

“SafeWeb  has  been  great  to  work  with,  very  helpful,  technically 
astute  and  supportive,”  he  says.  “This  is  a  good  partnership  because 
SafeWeb  is  delivering  something  truly  useful  to  NAMM  California  and 
its  customers.” 


For  more  information  about  making  your  security  simple,  visit 
www.safeweb.com 


STRATEGIC  DIRECTIONS  9 


EBUSINESS:  PAYOFFS  &  PARTNERSHIPS  I  GETTING  CRN  RIGHT 


GETTING  CRM  RIGHT 

IT  ISN’T  JUST  A  SINGLE  PROJECT;  IT’S  A  NEW  WAY  OF  LIFE 


HE  PRESSURE  IS  INTEN- 
sifying  at  both  ends: 
customers  want  better 
service,  more  channels; 
stakeholders  want  lower 
operating  costs. 

Organizations  can 
make  progress  toward 
these  goals  with  systems 
and  technologies  that 
help  them  manage  their  relationships 


—  with  customers,  suppliers,  partners, 
employees. 

CRM:  A  COMPETITIVE  NECESSITY 

CRM  failure  rates  are  reported  to  be  as 
high  as  80  percent,  according  to  some 
analysts.  So  what  does  it  take  to  suc¬ 
ceed  at  CRM? 

“Executive  leaders  often  have  a 
detailed  vision  of  the  end  result  without  a 
thorough  understanding  of  the  bridges 


that  must  be  crossed  during  the  process,” 
says  Jim  Smith,  vice  president,  CRM 
solutions,  at  Avaya  Inc.  “Defining  key 
success  points  along  the  implementation 
path  and  taking  a  systematic  approach  to 
completing  and  evaluating  each  stage 
before  proceeding  to  the  next  helps  com¬ 
panies  build  on  a  pattern  of  success.” 

Some  advice  culled  from  observers 
and  experts: 

Continued  on  page  13 


CASE  STUDY 


E] 


MetLife’s  institutional  line  of  business  asked  KPMG  Consulting  to 
work  with  the  e-business  application  development  team  to  help 
establish  and  build  an  integrated  service  portal.  The  new  portal 
would  provide  a  single  point  of  access  to  ail  products  and  allow 
individuals  to  perform  online  self-service  such  as  enrollment,  ben¬ 
efit  inquiry,  and  other  transactions  utilizing  electronic  signatures. 
“KPMG  Consulting  brought  three  specific  things  to  the  table:  first,  a  proven  track 
record  of  delivery;  second,  industry-specific  knowledge,  both  in  terms  of  traditional 
competitors  and  emerging  technology-enabled  competitors;  and  finally,  they  not  oniy 
delivered  the  point  solution  to  the  specific  business  problem  that  we  were  looking  to 
address,  but  also  architectural  and  knowledge  frameworks  that  we  can  re-use  and  re¬ 
deploy  over  and  over  again  through  succeeding  efforts  within  the  company,”  notes 
Mark  Hammersmith,  SVP/CIO  Institutional  Business,  MetLife. 

Based  on  KPMG  Consulting’s  industry-specific  knowledge  and  technical  experi¬ 
ence,  MetLife  asked  the  KPMG  Consulting  team  to  concentrate  on  the  development 
and  implementation  of  an  Internet-enabled  enrollment  and  service  system.  The  KPMG 
Consulting  team  worked  with  MetLife  Institutional  Business  leadership  to: 

■  Analyze  current  enrollment  processes 

■  Identify  opportunities  for  leveraging  technology  across  the  various  product  lines 

■  Develop  business  requirements 

■  Participate  in  the  technical  design  and  development 

■  Present  a  proof  of  concept  using  Web-services  that  allows  for  integration  with 
MetLife’s  multiple  backend  systems 

■  Implement  an  initial  online  Internet  enrollment  application 


■  Deliver  the  contextual  application  framework 

■  Transfer  knowledge  to  MetLife  employees 

IMPROVING  THE  CUSTOMER  EXPERIENCE 


With  the  new  integrated  portal  and  the  online  enrollment  system  in  place,  MetLife  is 
now  able  to  provide  group  customers  with  a  single  destination  for  product  informa¬ 
tion,  enrollment,  and  other  transaction  processing.  Completed  on  time  and  within 
budget,  the  successful  project  implementation  helped  MetLife  Institutional  Business: 
a  Improve  the  customer  experience 
a  Reduce  processing  costs 
a  Enhance  service  capabilities  for  plan  sponsors 
a  Increase  operating  earnings 
a  Implement  cutting-edge  technology 
a  Enrich  and  energize  MetLife  employees 

“MetLife’s  employee  benefit  portai  allows  employees  to  make  the  most  of  their  ben¬ 
efits  by  providing  access  to  personalized  information,  empowering  emp!oye8|fo  make 
benefit-related  decisions  and  manage  their  benefits  themselves  through  self-service. 
This  benefit  portal  provides  a  multi-product- solution  that’s  easy  for  employees  to  use. 
This  new  technology,  delivered  with  KPMG  Consulting,  supports  MetLife’s  leadership 
position  in  the  Institutional  Benefits  marketplace,”  reports  Jim  Gemus,  vice  president, 
Institutional  eBusiness  and  Banking,  MetLife. 


To  iearn  more,  contact  KPMG  Consulting  at  1-866-FOR-KCIN  or  visit 
their  Web  site  at  www.kpmgconsulting.com 


10  STRATEGIC  DIRECTIONS 


— 


“We  told  KPMG  Consulting: 
we  need  a  web-based 
enrollment  system  so  simple... 


— 

s  «§$ . m  i, .  1 


~ - - - 


mi 


Mark  Hammersmith 

CIO  Institutional  Business,  MetLife 


Paul  McDonnell 

Managing  Director,  Financial  Services,  KPMG  Consulting 


"...that  our  MetLife  customers  can  more  easily  manage 
their  financial  future. 

"The  MetLife  mission  is  to  build  financial  freedom 
for  our  customers.  KPMG  Consulting  worked  with 
us  to  design  and  build  an  on-line  system  faster  than 
we  had  thought  possible.  The  new  system  gives 
our  customers  a  single  site  for  enrollment,  product 
information,  and  performance. 

"Our  customers  and  our  own  employees  are 
very  happy  with  their  ‘new  freedom.'  Customer 
satisfaction  scores  are  up,  and  so  are  employee 
productivity  and  our  operating  earnings." 


“We're  delighted  that  we  surprised  MetLife  with  how 
quickly  we  were  able  to  help  them  design  and  build  their 
new  on-line  system. 

"But  we're  even  happier  that  the  system  helped  them 
become  an  even  more  successful  company. 

"After  all,  that's  the  reason  we're  in  business." 


YOU  CAN  HEAR  THEIR  STORY  @  www.kpmgconsulting.com/results 

BUSINESS  SYSTEMS:  STRATEGY  IMPLEMENTATION  RESULTS 

KPMG  Consulting 

©2002  KPMG  Consulting.  Inc  All  hghts  reserved  KPMG  Consulting.  Inc.  is  an  independent  consulting  company 


With  Avaya,  you’re  already  this  close  to  IP  Telephony. 


In  fact,  you  can  use  what's  in  your  own  network.  Now  Avaya,  the  leader  in  voice  solutions, 
has  extended  IP  Telephony  to  an  open  architecture.  So  our  feature-rich  MultiVantage r“ 
Software  can  work  with  your  existing  investment,  allowing  you  to  have  Enterprise  Class  IP 
Solutions  anywhere  in  your  network.  That  means  you  get  gentle  migration  and  flexible 
deployment  from  the  core  to  the  edge,  or  the  other  way  around.  Learn  how  a  network 

re  to  IP  Telephony.  Visit  avaya.com/yes 


AVAyA 


COMMUNICATION  WITHOUT  BOUNDARIES 


CIO  ADVERTISING  SUPPLEMENT 


E-BUSINESS  |  GETTING  CRM  RIGHT 


Continued  from  page  10 

BIND  TO  BUSINESS  STRATEGY.  Compa¬ 
nies  need  to  be  very  clear  about  what 
type  of  CRM  they’re  looking  for,  how 
it  ties  to  their  overall  business  strategy, 
and  what  type  of  results  they  expect, 
says  Erin  Kinikin,  research  leader,  e- 
business  applications  and  strategies,  at 
Giga  Information  Group.  “There’s  no 
such  thing  as  a  one-size-fits-all  CRM 
solution,”  Kinikin  says. 

COPE  WITH  IMPLEMENTATION  COMPLEXITY. 
Don’t  assume  that  CRM  is  a  single  proj¬ 
ect,  warns  Bobby  Cameron,  principal 
analyst,  technology  leadership,  at  For¬ 
rester  Research.  “Successful  CRM 
investments  break  into  at  least  four  proj¬ 
ects,  based  on  the  customers’  perspec¬ 
tive  —  awareness,  consideration,  pur¬ 
chase  and  service,”  he  says. 

MEASURE  TWICE.  Companies  must  build 
in  measurement  strategies  with  the  tech¬ 
nology  implementation,  says  Kinikin. 
“Eighty  percent  of  companies  don’t 
have  a  clear  measurement  strategy  for 
CRM,”  Kinikin  says.  “How  can  you  get 
where  you  want  to  go  if  you  can’t  read 
the  sign  posts  along  the  way?” 

BRING  IP  INTO  THE  CONTACT  CENTER. 
Yankelovich  Partners  research  shows  that 
63  percent  of  potential  web  purchasers 
will  not  regularly  engage  in  web-based 
transactions  until  websites  enable  them 
to  interact  with  a  human  being.  Inter¬ 
net-enabling  the  contact  center  can  help. 

When  Arkansas-based  SunTrust 
Credit  brought  IP  telephony  to  its 
front-  and  back-office  operations,  pro¬ 
ductivity  in  its  outbound  call  center 
went  up  nearly  80  percent.  Its  50 
agents  can  now  handle  more  than 
20,000  calls  a  day. 

SPOT  SELF-SERVICE  OPPORTUNITIES. 

“Self-service  is  frequently  implemented 
with  the  goal  of  saving  money,”  says 
Avaya’s  Smith,  “but  it  also  provides 
customers  with  a  welcome  new  avenue 
of  interaction  with  a  company.”  Self- 
service  via  voice  and  web- based  inter¬ 


action  has  been  implemented  prof¬ 
itably  by  many,  many  companies  with 
the  result  being  higher  customer  satis¬ 
faction,  Smith  adds. 

In  providing  financial  services  to 
manufacturers,  distributors,  dealers  and 
their  customers,  GE  Capital  Vendor 
Financial  Services  (VFS)  fields  45,000 
calls  every  month.  Avaya’s  interactive 
voice  response  system,  Conversant, 
enabled  VFS  to  keep  customer  service 
quality  high  as  call  volume  increased 
without  adding  staff.  Conversant 
answers  98  percent  of  the  calls  VFS 
gets  and  its  self-service  capabilities 
resolve  27  percent  of  these  calls  with¬ 
out  need  of  a  customer  service  rep. 
DELIVER  CONTENT  FROM  THE  EDGE.  As 
the  Internet  gets  more  crowded,  net¬ 
work  complexity  becomes  an  issue. 

“Achieving  simplicity  and  unifor¬ 
mity  in  network  architectures  has 
begun  to  take  on  greater  urgency,”  says 
Kieran  Taylor,  director,  product  mar¬ 
keting,  at  Akamai  Technologies. 

Akamai  runs  a  content  delivery 
network  that  supports  EdgeSide 
Includes  (ESI),  an  open  specification 
for  assembly  and  delivery  of  highly 
dynamic  web  content.  Content  deliv¬ 
ery  takes  place  at  the  ‘edge’  of  the 
Internet,  from  optimally  located  and 
load  balanced  servers  that  are,  in  turn, 
connected  with  content  generation 
infrastructure  deployed  in  well-con¬ 
nected  central  hosting  networks  or  cor¬ 
porate  date  centers. 

When  gardening  catalog  retailer 
Smith  &  Hawken  decided  to  redesign 
its  website  just  before  the  1999  holiday 
season,  it  turned  to  Akamai  to  handle 
image  delivery.  The  new  website  can 
juggle  1,500  simultaneous  visitors  and 
uses  a  clean  design  that  enables  the 
homepage  to  be  downloaded  in  just 
1.5  seconds.  Result:  Holiday  1999 
sales  were  12  times  1998’s,  and  since 
then  the  number  of  website  visitors  has 
grown  by  a  factor  of  seven.  SD 


IP  Telephony. 
Where  to  start? 

With  Am  ay  a  Enterprise  Class 
IP  Solutions  (ECU PS) 
featuring  MultiVantage m 
Software,  start  anywhere 
in  your  network. 


S8700  Media  Server 


At  the  core. 

•  Delivers  up  to  99.999% 
reliability 

•  Scalable  from  20  to 
1  million  users 


G700  Media  Gateway 


At  the  edge. 

•  Survivable  remote  location 

•  Standards-based  distributed 
architecture 

•  Cost-effective  option 


With  a  specific  workgroup. 

•  First  to  seamlessly  extend 
applications  to  cellular 

•  Takes  applications  to  remote 
and  mobile  workers  for 
greater  productivity 


Learn  how  a  network  assessment  can 
help  you  discover  how  close  you  are 
to  IP  Telephony.  Visit  avaya.com/yes 


AVAyA 

COMMUNICATION  WITHOUT  BOUNDARIES 


STRATEGIC  DIRECTIONS  13 


CIO  ADVERTISING  SUPPLEMENT 


E-BDSINESS:  PAYOFFS  &  PARTNERSHIPS  I  BUY  TS.  BUILD 


BUY  VS.  BUILD 

SOME  BUSINESSES  SAVE  BIG  HEADACHES  AND  DOLLARS 
BY  OUTSOURCING  E-BIZ  INFRASTRUCTURE  AND  SERVICES 


uesch  International 
Finance  moves  lots  of 
money  —  more  than  $  1 0 
billion  in  cross-border 
transactions  annually  for 
nearly  30,000  corporate 
clients  —  and  needs  a 
secure  intranet  for  com¬ 
munications  between  its 
offices  around  the  globe. 
The  company’s  decision  to  trust  Genu¬ 
ity  to  host  an  IP  alternative  to  its  lega¬ 
cy  frame-relay  network  has  paid  off: 
annual  bandwidth  savings  have  added 
up  to  $600,000;  network  engineering 
staff  costs  are  down  $300,000;  and  PC 
training  costs  have  been  cut  by 
$100,000  a  year. 

Black  Entertain¬ 
ment  Television’s 
website,  BET.com, 
gets  1.5  million  visi¬ 
tors  a  month  and 
expects  to  be  twice 
as  busy  by  yearend. 

Keeping  up  with  the 
traffic  it  attracted 
was  a  struggle  until  it  turned  to  Aka¬ 
mai’s  service,  which  for  $20,000  per 
month  has  enabled  BET.com  to  dou¬ 
ble  traffic  and  handle  it  six  to  1 0  times 
faster  —  all  without  buying  a  single 
new  computer  or  renting  any  more 
space  in  a  data  center.  BET.com 
reports  $1.3  million  in  net  first-year 
benefits  from  Akamai’s  services. 

SIMPLIFY,  SIMPLIFY 

The  ability  to  reduce  and  simplify  mis¬ 
sion-critical  infrastructure  and  staff  is 


vital,  asserts  Kieran  Taylor,  director, 
product  marketing,  at  Akamai  Tech¬ 
nologies.  “When  enterprises  attempt  to 
build  out  an  e-business  infrastructure 
on  their  own,  the  answer  is  a  costly 
solution  that  lacks  reach  and  perform¬ 
ance,”  Taylor  says.  Moreover,  this  solu¬ 
tion  is  difficult  to  manage  —  especially 
internationally  —  and  requires  dollars 
and  time  to  keep  up  to  date. 

The  use  of  an  outsourced,  man¬ 
aged  global  content  and  application 
distribution  network  eliminates  the 
complexity  of  having  to  negotiate  sep¬ 
arate  contracts  with  different  network 
providers.  In  addition,  the  use  of  out¬ 
sourcing  enables  the  CIO  to  deploy 
scarce  and  slcilled  IT  resources  on  the 


things  that  they  do  best  —  creating  the 
content  and  business  applications  that 
enable  competitive  advantage. 

Using  its  own  EdgeSuite  e-busi¬ 
ness  infrastructure  services,  Akamai 
saved  nearly  $700,000  during  the  first 
year  and  expects  to  save  $275,000  a 
year  more  because  it  doesn’t  need  to 
deploy  additional  websites.  In  the 
process,  the  company  re-purposed 
$62,000  worth  of  high-end  servers, 
boosted  the  number  of  website  visitors 
by  64  percent,  decreased  time-to-mar¬ 


ket  of  four  new  web  properties  by  two 
months  (with  no  additional  hardware 
or  staff)  and  took  fewer  than  three 
hours  to  enable  business  intelligence 
tools. 

When  US  Foodservice  decided  to 
expand  its  distribution  business  with  a 
web-based  retail  channel,  it  turned  to 
Genuity,  which  was  already  hosting  the 
company’s  informational  website. 
Despite  the  need  to  integrate  legacy 
systems  as  well  as  database  and  opera¬ 
tional  systems  from  recent  acquisitions, 
Genuity  got  Next  Day  Gourmet.com’s 
website  —  complete  with  customized 
storefronts  for  US  Foodservice’s  busi- 
ness-to-business  customers  —  launched 
within  a  three-month  deadline.  Some 


17,000  visitors  showed  up  the  first  day, 
and  both  cost  savings  and  improved 
customer  service  were  quickly  apparent. 
For  instance,  getting  product  from 
warehouse  to  customer  now  takes  just 
two  days  rather  than  ten. 

MAKING  OUTSOURCING  PAY  OFF 

Ralph  Welborn,  senior  vice  president 
at  professional  services  firm  KPMG 
Consulting,  offers  several  recommen¬ 
dations  for  CIOs  considering  out¬ 
sourcing: 


IF  CIOS  DO  NOT  AGGRESSIVELY,  HONESTLY, 

AND  OBJECTIVELY  REVIEW  THEIR  CAPABILITIES, 
STRENGTHS,  AND  WEAKNESSES ...  SOMEDAY 
THE  DECISION  ABOUT  WHETHER  AND  WHAT  TO 
OUTSOURCE  WILL  BE  MADE  FOR  THEM. _ 


14  STRATEGIC  DIRECTIONS 


E-BUSINESS:  PAYOFFS  &  PARTNERSHIPS 


BOY  VS.  BUILD 


CASE  STUDY 


mr?. 


On  the  doorstep,  every  morning,  no  exceptions  —  that’s 
the  rule  of  the  newspaper  business. 

And  key  to  getting  out  the  paper  is  an  unfailing  commu¬ 
nications  system. 

“If  we  don’t  have  communications,  we  don’t  have  a 
newspaper,”  agrees  Thomas  Dunkerley,  communications 
manager  at  the  Seattle  Times. 

One  of  the  nation’s  largest  family-owned  newspapers,  the  Seattle  Times 
supports  about  1,500  people  on  a  multi-ven¬ 
dor  network  that  encompasses  the  head¬ 
quarters,  three  news  bureaus,  two  contact 
centers,  two  printing  facilities,  and  22  distri¬ 
bution  warehouses.  Dunkerley’s  strict  crite¬ 
ria  for  the  newspaper’s  migration  to  IP 

telephony  reflect  how  critical  his  communications  are:  “reliability,  voice 
quality,  cost  savings,  ease  of  deployment,  and  minimal  disruption.”  His 
choice?  Avaya™  Enterprise  Class  IP  Solutions  (ECLIPS). 

In  the  Seattle  Times’  main  facility  a  new  Avaya™  S8700  Media  Server 
connects  to  an  Avaya  DEFINITY®  Enterprise  Communications  Server  func¬ 
tioning  as  a  media  gateway.  A  fully-redundant,  Linux-based  server  pair,  the 
Avaya  S8700  Media  Server  supports  up  to  12,000  IP  stations  and  supports 
a  mix  up  to  36,000  stations,  which  include  analog,  digital,  and  IP.  With  the 
traditional  cabinet  as  a  media  gateway,  it  supports  Dunkerley’s  existing  PBX 
components  as  well  as  his  new  IP  telephony  deployment  —  significantly 
increasing  his  return  on  investment  for  both. 

Running  on  the  Avaya  S8700  media  server,  Avaya  MultiVantage™ 
Software  extends  reliability,  voice  quality,  and  full  call  processing  function¬ 


ality  to  the  edge  of  the  Seattle  Times’  network.  Avaya  MultiVantage  is  high- 
performance  software  that  provides  up  to  99.999%  reliability  and  more 
than  500  voice-application  features.  Open  architecture  enables  easy,  cost- 
effective  interoperability  with  the  Seattle  Times’  existing  communications 
infrastructure,  while  performance  ranging  to  300,000  Busy  Hour  Call 
Completions  (BHCC)  supports  the  busiest  contact  center  days. 


AVAyA 


FUTURE  BENEFITS  CLEAR  ACROSS  THE  ENTERPRISE 

Since  migrating  the  newspaper’s  East  Side 
News  Bureau  with  complete  success  —  no 
disruption,  excellent  voice  quality,  and  compli¬ 
ments  for  the  Avaya™  IP  Telephones  — 
Dunkerley  will  now  extend  IP  telephony  across 
the  Seattle  Times’  network.  Among  the  bene¬ 
fits  he’s  anticipating:  contact  center  applications,  ACD  and  IVR  support, 
telephone  portability,  and  remote  administration. 

“This  particular  solution,”  he  says,  “met  our  needs  ‘to  a  T.’” 

Nearly  a  million  customers  —  including  90%  of  the  FORTUNE®  500  — 
rely  on  Avaya  solutions.  Bringing  high-quality  telephony  performance  and 
reliability  to  IP,  Avaya  ECLIPS  offers  unlimited  choices  to  rethink  rather  than 
reinvent  your  network  without  compromise. 

For  more  information,  visit  www.avaya.com. 

(c)  2002  Avaya  Inc.  All  rights  reserved.  The  Avaya  logo  is  a  trademark  of  Avaya  Inc.  All  trademarks 
identified  by  ®  and  ”  are  registered  trademarks  or  trademarks,  respectively,  of  Avaya  Inc.  All  other 
registered  trademarks  or  trademarks  are  property  of  their  respective  owners. 


■  DESIGN  a  service  operating  model 
meticulously  and  clearly  document  and 
negotiate  associated  and  appropriate 
service  levels  —  include  benchmark 
clauses; 

■  MAINTAIN  a  strong  strategy  and  archi¬ 
tecture  function  in  order  to  pro-active¬ 
ly  control  the  outsourcer; 

■  SECURE  savings  early  in  the  contract, 
not  at  its  end; 

■  SET  cost-saving  targets  as  these  will 
stretch  the  ability  of  the  outsourcer  to 
deliver  the  necessary  quality;  and, 

■  CONSIDER  fail-back  strategies  and 
multivendor  configurations. 


CREATING  AN  IT  SERVICE 
DELIVERY  STRATEGY 

CIOs  should  closely  evaluate  where  in 
their  enterprise  they  truly  add  value  to 
an  IT  product  or  service,  suggests  Julie 
Giera,  research  fellow,  IT  services,  at 
Giga  Information  Group. 

The  danger  here  is  that  if  CIOs  do 
not  aggressively,  honestly,  and  objec¬ 
tively  review  their  capabilities, 
strengths,  and  weaknesses  —  and  cre¬ 
ate  an  IT  service  delivery  strategy  that 
is  based  upon  those  strengths  and 
weaknesses  —  there  will  come  a  time 
where  the  decision  about  whether  to 


outsource  and  what  to  outsource  will 
be  made  for  them. 

There  also  is  much  that  internal 
IT  departments  can  learn  from 
professional  services  organizations 
about  IT  service  delivery.  “If  an  out¬ 
sourcer  can  save  15  percent  of  your 
IT  budget,  and  still  post  27-percent 
gross  margins,  obviously  they  are 
doing  something  right,”  Giera  says. 
It’s  worth  taking  the  time  to  evaluate 
what  best  practices  professional  serv¬ 
ice  providers  employ  that  might  be 
appropriate  in  the  internal  IT 
organization.  SD 


STRATEGIC  DIRECTIONS  15 


Copyright  ©2002  Genuity  Inc.  All  rights  reserved.  GENUITY  and  design  and  BLACK  ROCKET  and  design  are  each  trademarks  of  Genuity  Inc 


Internet  SECURITY 


vs.  MANAGED  Internet  SECURITY 


These  days,  you've  got  to  go  beyond  VPNs, 
firewalls  and  access  control  solutions  to  keep  your 
data  secure.  You  need  to  actively  manage  every 
square  inch  of  your  network  infrastructure.  Going  it 
alone  is  not  the  best  option.  Going  with  Genuity  is. 

We  have  the  critical  technology  you  need  to.  keep  your 
data  secure.  Genuity's  Black  Rocket  e Business  Network  Platform 
integrates  security  technology  with  Hosting,  Access,  Transport, 
Storage  and  VoIP  solutions.  And  it  sits  on  our  Tier  1  IP  network 
for  secure  communication  from  virtually  anywhere  in  the  world. 


But  technology  is,  of  course,  only  part  of  the  story.  You 
need  the  right  people,  too. 

Our  experts  actively  manage  and  maintain  your  network. 
We  live  and  breathe  network  security,  24x7x365.  We  monitor 
your  network  perimeter  for  security  breaches  and  unplanned 
network  failures.  And  look  for  potential  weaknesses  and  rec¬ 
ommend  solutions  before  they  become  problems. 

To  find  out  how  to  make  your  business  more  secure,  call 
1.800.GENUITY  or  visit  us  at  T7  XTT  T 
www.genuity.com/security.  Y_X  Ei  JAI  V.J  X  X 


How  do  You  Lead  i 
Turbulent  Times? 


Watch  and  listen  to  today’s  local,  state,  and  national  leaders,  as  they  discuss: 

Protecting  the  Homeland: 

Executive  Leadership  and  Effective  Communications 


Webcast  available  at:  www.cio.com/forum3 


infrastructures 


'A  H 

j] 

:V  ' 

’13 

RICHARD  A.  CLARKE 

Special  Advisor  to  the 
President  for  Cyberspace 
Security 


HAROLD  J.  DECKER 

President  and  CEO, 
American  Red  Cross 


JOHN  S.  TRITAK 

Director,  Critical 
Infrastructure  Assurance 
Office,  U.S.  Department 
of  Commerce 


FRED  C.  KOEPPE 

[esident  and  COO, 

I  blic  Service  Electric  and  Gas 

I'mpany  (PSE&G) 

I 

MES  E.  MCGREEVEY 

jivernor,  New  Jersey 


BARRY  P.  SMITH 

Director,  Security  Operations  Policy 
&  Planning,  Office  of  Commissioner, 
US  Food  and  Drug  Administration 

ALBERT  J.  EDMONDS 

President,  Government  - 
Information  Solutions,  EDS 


CLIFTON  R.  LACY,  M.D. 

Commissioner,  N ,J.  Department  of 
Health  and  Senior  Services 

ORSON  SWINDLE 

Commissioner, 

Federal  Trade  Commission  (FTC) 


ARTHUR  R.  MILLER 
MODERATOR 

Professor  of  Law 
Harvard  Law  School 


The  CXO  Media  Executive  Policy  Forum  is  produced  in  cooperation  with  the  National  Critical  Infrastructure 
Assurance  Office  in  the  U.S.  Department  of  Commerce.  CXO  Media  Executive  Policy 
of  CXO  Media  Inc.,  a  subsidiary  of  International  Data  Group,  Inc. 


Forum  is  a  trader 


narK 


■ 


Book  Excerpt 


Leadership 


If  people  cannot  adapt,  the  reality 
is  that  they  become  casualties. 
This  is  virtually  inevitable. 


Continued  from  Page  98 

ACCEPT 

RESPONSIBILITY  FOR 
YOUR  PIECE  OF  THE  MESS 

If  you  have  been  in  a  senior  role  for 
awhile  and  there’s  a  problem,  it  is  almost 
certain  that  you  had  some  part  in  creat¬ 
ing  it  and  are  part  of  the  reason  it  has  not 
yet  been  addressed.  Even  if  you  are  new, 
or  outside  the  organization,  you  need  to 
identify  those  behaviors  you  practice  or 
values  you  embody  that  could  stifle  the 
very  change  you  want  to  advance. 

When  you  are  too  quick  to  lay  blame 
on  others,  whether  inside  or  outside  the 
community,  you  create  risks  for  yourself. 
Obviously,  you  risk  misdiagnosing  the  sit¬ 
uation.  But  you  also  risk  making  yourself 
a  target  by  denying  that  you  are  part  of 
the  problem  and  that  you  too  need  to 
change.  After  all,  if  you  are  pointing  your 
finger  at  them — pushing  them  to  do 
something  they  don’t  want  to  do — the 
easiest  option  for  them  is  to  get  rid  of  you. 
The  dynamic  becomes  you  versus  them. 
But  if  you  are  with  them,  facing  the  prob¬ 
lem  together  and  each  accepting  some 
share  of  responsibility  for  it,  then  you  are 
not  as  vulnerable  to  attack. 

ACKNOWLEDGE  THEIR  LOSS 

Remember  that  when  you  ask  people  to 
do  adaptive  work,  you  are  asking  a  lot. 
You  may  be  asking  them  to  choose 
between  two  values  that  are  important  to 
the  way  they  understand  themselves. 

You  may  be  asking  people  to  close  the 
distance  between  their  espoused  values 
and  their  actual  behavior.  Martin  Luther 
King  Jr.  challenged  Americans  in  that 
way  during  the  civil  rights  movement. 
Confronting  the  gaps  between  our  values 
and  behavior — the  internal  contradic¬ 
tions  in  our  life  and  community — 
requires  going  through  a  period  of  loss. 
Adaptive  work  often  demands  some  dis¬ 
loyalty  to  our  roots.  To  tell  someone  that 
he  should  stop  being  prejudiced  is  really 


to  tell  him  that  some  of  the  lessons  of 
his  loving  grandfather  were  wrong.  Yet 
the  status  quo  may  not  look  so  terrible 
to  those  immersed  in  it  and  may  look 
pretty  good  when  compared  with  a 
future  that  is  unknown.  Exercising  lead¬ 
ership  involves  helping  organizations 
and  communities  figure  out  what,  and 
whom,  they  are  willing  to  let  go.  Of  all 
the  values  honored  by  the  community, 
which  of  them  can  be  sacrificed  in  the 
interest  of  progress? 

People  are  willing  to  make  sacrifices  if 
they  see  the  reason  why.  But  beyond  clar¬ 
ifying  the  values  at  stake  and  the  greater 
purposes  worth  the  pain,  you  also  need  to 
name  and  acknowledge  the  loss  itself.  It’s 
not  enough  to  point  to  a  hopeful  future. 
People  need  to  know  that  you  know  what 
you  are  asking  them  to  give  up  on  the 
way  to  creating  a  better  future.  Make 
explicit  your  realization  that  the  change 
you  are  asking  them  to  make  is  difficult 
and  that  what  you  are  asking  them  to  give 
up  has  real  value.  Grieve  with  them,  and 
memorialize  the  loss. 

MODEL  THE  BEHAVIOR 

Avram  was  the  CEO  of  a  highly  success¬ 
ful  chemical  factory  in  Israel.  One  day  an 
explosion  occurred  on  the  line,  tragically 
killing  two  of  his  employees.  He  quickly 
pinpointed  the  source  of  the  problem  and 
took  steps  to  ensure  that  it  could  not  hap¬ 
pen  again. 

But  whatever  he  did  seemed  not 
enough.  Many  of  his  best  workers  feared 
coming  back  to  work.  They  had  lost  con¬ 
fidence  in  the  safety  of  the  factory,  and 
nothing  he  said  reassured  them  sufficiently 


to  return  to  the  location  where  their  col¬ 
leagues  had  died  or  to  work  at  their  pre¬ 
vious  level  of  productivity.  Avram  came 
to  a  decision.  He  resigned  as  CEO  and 
took  a  job  on  the  line,  right  at  the  spot 
where  the  explosion  had  taken  place. 
Slowly,  workers  began  to  return  and  pro¬ 
duction  began  to  creep  upward.  The  com¬ 
pany  eventually  turned  a  corner.  Ten  years 
later,  it  had  become  one  of  the  largest  in 
Israel,  much  more  profitable  than  it  had 
been  before  the  accident. 

The  CEO  had  to  acknowledge  the  loss 
he  was  asking  the  workers  to  accept,  in 
this  case  the  loss  of  a  sense  of  personal 
safety.  Because  their  fears  were  so  deep, 
verbal  acknowledgment  would  not  suf¬ 
fice.  He  had  to  model  the  behavior. 

But  even  symbolic  modeling  can  have 
substantial  impact.  When  Lee  Iacocca 
reduced  his  own  salary  to  $1  during 
Chrysler’s  troubles,  no  one  worried  that 
Iacocca  would  go  without  dinner.  But  the 
fact  that  he  was  willing  to  make  a  per¬ 
sonal  economic  sacrifice  helped  motivate 
employees  to  do  likewise  as  part  of  the 
company’s  turnaround  plan. 

ACCEPT  CASUALTIES 

If  people  simply  cannot  adapt,  the  reality 
is  that  they  will  be  left  behind.  They 
become  casualties.  This  is  virtually 
inevitable  when  organizations  and  com¬ 
munities  go  through  significant  change. 
Some  people  simply  cannot  or  will  not  go 
along.  You  have  to  choose  between  keep¬ 
ing  them  and  making  progress. 

A  few  years  ago  Marty  consulted  with 
a  company  that  did  technical  work  for  the 
defense  industry.  The  organization  had 


116  CIO  JUNE  15,  2002  •  www.cio.com 


Novell 

NetWare 


t 


get  NetWare  6. 

now  your  Network 

is  just  a  browser  away. 


Need  access  from  Australia?  Want  to  print  from  Prague?  Get  the  freedom  of  NetWare®  6.  As  part  of  Novell’s  one  Net 
vision,  NetWare  6  lets  your  users  have  access  to  their  file,  print  and  other  storage  resources  from  any  browser  in  the  world, 
anytime.  So  no  more  lugging  laptops  to  Latin  America.  All  they'll  need  is  any  computer  with  an  Internet  connection. 
That’s  it.  And  that’s  the  beauty  of  one  Net.  So  take  this  as  a  sign  and  visit  www.novell.com/netware6  to  learn  more. 


Novell 

the  power  to  chaNge 


©  Copyright  2001  Novell.  Inc.  All  rights  reserved.  Novell  and  NetWare  are  registered  trademarks  and  the  power  to  change  is  a  trademark  of  Novell.  Inc.,  in  the  United  States  and  other  countries. 


FIND  OUT  WITH  THE  STATE  OF  THE  CIO  SURVEY 


Get  the  definitive  data  on  CIO  salaries,  responsibilities 
and  priorities  with  THE  STATE  OF  THE  CIO  SURVEY- 
original,  in-depth  research  on  the  changing  trends  of 
the  CIO  role  and  the  challenges  CIOs  face. 

Find  out  from  your  peers  which  industries  pay  CIOs 
the  most.  How  do  IT  budgets  compare  by  industry  and 
by  company  size?  How  does  the  CIO  role  vary  between 
industries?  What  are  the  skills  needed  to  get  ahead? 
And  what  is  the  next  step  on  the  corporate  ladder? 


CIO  RESEARCH  SERIES M 

Counsel  and  Intelligence  from  IT  Executives  and  the 
Editors  of  CIO  Magazine 


These  exclusive  survey  results— 
based  on  interviews  with  500 
heads  of  IT— provide  benchmark¬ 
ing  information  by  industry 
on  salary,  size  of  IT  staff,  users 
supported,  IT  budget  and  more. 
Information  that  will  help  you 
measure  up. 

For  only  $495,  THE  STATE  OF 
THE  CIO  is  delivered  right  to  your 
desktop  giving  you  immediate 
access  to  the  information  you 
need.  And  for  your  future  refer¬ 
ence  needs,  a  packaged  version, 
shipped  within  72  hours,  can  be 
ordered  for  an  additional  $100. 


•  ,£v‘..Vv  v 


3t-t: 

-.iV. 


FOR  EXECUTIVE  DECISION-SUPPORT  TOOLS,  VISIT  THE  CIO  STORE— THE  CIO’S  KNOWLEDGE  MARKETPLACE 

www.theCIOstore.com 


wmW? 


Book  Excerpt 


Leadership 


enjoyed  a  long  and  successful  run,  but  the 
fall  of  the  Berlin  Wall  in  1989  ushered  in 
a  new  era.  The  Cold  War  was  over.  The 
new  CEO  realized  that  the  competition 
for  contracts  was  getting  tougher,  that  he 
and  his  company  could  no  longer  rely  on 
their  reputation  and  have  the  work  come 
to  them.  He  began  to  think  about  chang¬ 
ing  the  business,  becoming  more  aggres¬ 
sive  and  adding  to  their  product  line.  For 
many  of  the  long-term  and  most  respected 
employees,  this  was  hard  to  accept. 

At  the  CEO’s  direction,  the  senior 
managers  went  off  to  a  two-day  retreat 
to  chart  their  future  direction.  At  the  end 
of  the  retreat,  the  CEO  held  a  climactic 
meeting.  He  wanted  an  endorsement  of 
the  new  plan,  and  he  asked  each  of  the 
participants  whether  they  were  with  the 
program.  One-by-one,  they  each  said  yes, 


cio.com 

Test  your  political  savvy.  For  the  next 
two  weeks,  ASK  THE  AUTHOR  or 

share  your  strategies.  Go  to 
www2.cio.com/books. 


some  with  great  reluctance.  The  number- 
three  person  in  the  organization  sat  near 
the  end  of  the  row.  He  had  worked  in  the 
organization  longer  than  anyone  else 
present.  The  room  was  quiet  as  everyone 
waited.  He  said  nothing.  Slowly  he  got  up 
and  left  the  room.  He  packed  his  bags, 
went  back  and  cleaned  out  his  office,  and 
left  his  letter  of  resignation  on  the  CEO’s 
desk.  He  became  a  casualty,  and  the  will¬ 
ingness  of  the  CEO  to  accept  his  resigna¬ 
tion  demonstrated  to  the  rest  of  his  team 
his  commitment  to  change. 


People  seeking  to  exercise  leadership 
can  be  thwarted  because,  in  their  unwill¬ 
ingness  to  take  casualties,  they  give  people 
mixed  signals.  Surely  we  would  all  prefer 
to  bring  everyone  along,  and  we  admirably 
hold  up  this  ideal.  Unfortunately,  casualties 
are  often  a  necessary  byproduct  of  adap¬ 
tive  work.  Without  the  heart  to  engage  in 
sometimes  costly  conflict,  you  can  lose  the 
whole  organization.  [£□ 


Ronald  A.  Heifetz  and  Marty  Linsky  are  on  the 
faculty  at  the  John  F.  Kennedy  School  of 
Government  at  Harvard  University.  Heifetz  is  the 
author  of  Leadership  Without  Easy  Answers  and 
codirector  of  the  school’s  Center  for  Public 
Leadership.  Linsky  is  faculty  chairman  of  many 
of  the  school's  executive  programs,  including 
Senior  Officials  in  State  and  Local  Government, 
and  Leadership  for  the  21st  Century. 


Kssociates  International,  Inc.  (CA) 


Computer  Associates^ 


d  herein  belong  to  their  rfespicMve  com  par 


O'  ;*r- 


X  •  * 


■  r:'.n*S  '» 


DEDICATION  TO  QUALITY 


No  kidding.  CA  is  the  first  enterprise  software  company  to  attain  global  ISO  9002  quality 
certification.  But  our  commitment  to  quality  doesn't  end  there.  It  extends  into  every  product  we  *§ 
make,  and  every  customer  relationship.  After  all,  we  didn't  get  to  be  the  long-standing  world 


make,* and  every  customer  relationship.  After  all,  we  didn't  get  to  be  the  long-standing  world 
leader  in  eBusiness  software  for  nothing.  To  find  out  more  about  how  we  make  it  easier  to  do 
business  on  your  terms,  or  to  hear  from  some  of  our  customers,  go  to  ca.com/innovation. 

i  i  i  ii  TiiTMMniiHwnr^^^^^^irTiwrifiTniTT  ii  in  -  *  -  mu  .  — 


Legacy  tools. ..Bioterrorism. ..Web  watching 


Reaching  Back  in  Time 

New  tools  give  legacy  apps  a  better  life  on  the  Web 

BY  JOHN  EDWARDS 


Edited  by  Christopher 
Lindquist.  Send  your 
thoughts  and  ideas 
for  future  columns  to 
clindquist@cio.com. 


IN  THIS  TIME  of  war  and  terror,  the  U.S.  Air 
Force  is  facing  challenges  that  were  unimagin¬ 
able  just  a  few  months  ago.  How,  for  example, 
can  an  aircraft  technician,  located  in  distant  and 
hostile  Afghanistan,  search  for,  order  and  track 


critical  replacement  parts  for  an  F-16  fighter? 
Not  very  easily  if  he  has  to  rely  on  a  fax  machine 
or  a  computer  equipped  with  terminal  emulation 
software  and  a  dedicated  line  feeding  into  a  cen¬ 
tral  supply  system. 


INNOVATION  and  PRODUCTS  in  the  VANGUARD 


Cool  Product 

More  screen 

space . .124 


Under 

Development 

Tracking 

bioterror . 126 


Inside 


Companies 
to  Watch 

TeaLeaf 

Technology  .  ....  128 

Pundits 

Optimization  .  .  .  .  130 


120  CIO  JUNE  15,  2002  •  www.cio.com 


Are  you  getting  the  most  from 


your  existing  resources? 


JC  DataCore 

V  SOFTWARE 


Fortunately,  back  in  1999,  the  Air  Force 
decided  that  it  needed  to  begin  Web¬ 
enabling  its  standard  base  supply  system 
(SBSS).  The  SBSS  is  a  series  of  inventory, 
accounting  and  order  management  sys¬ 
tems  that  control  the  flow  of  supplies 
from  the  warehouse  to  deployment  in  the 
field.  “Now  anybody  with  a  laptop  and 
a  browser  can  access  the  supply  system 
and  access  parts  status,”  says  Lt.  Col.  Jon 
Dittmer,  chief  of  the  Air  Force’s  supply 
systems  division  at  Maxwell  Air  Force 
Base  in  Gunter  Annex,  Ala. 

A  growing  number  of  businesses  are 
facing  the  same  problem  as  the  Air  Force — 
getting  creaky  legacy  systems  to  work  in 


a  new  Web-based  world.  With  ultratight 
budgets  strangling  new  systems  deploy¬ 
ments,  scores  of  software  vendors  have 
stepped  forward  and  are  offering  tools 
that  promise  to  bring  out-of-touch  legacy 
systems  into  the  Web  age. 

For  many  CIOs,  the  software  has  arrived 
not  a  moment  too  soon,  as  they  look  for  a 
cost-effective  way  to  address  the  growing 
clamor — from  customers,  employees  and 
business  partners— for  Web-based  informa¬ 
tion  access.  “For  many  organizations,  the 
goal  right  now  is  getting  through  the 
night,”  says  Dana  Stiffler,  a  senior  analyst 
at  AMR  Research,  a  technology  research 
company  based  in  Boston. 

CIOs  looking  to  leverage  a  legacy  sys¬ 
tem  into  the  Web  era  face  a  number  of 
critical  challenges,  including  planning 
the  proper  approach,  locating  software, 
retraining  staff  and  addressing  long-term 
viability  issues.  Yet  one  overriding  benefit 
can  make  all  of  those  headaches  endurable, 


— Emerging 

says  Stiffler.  “It’s  undeniable  that  you  can 
save  a  lot  of  money  right  up  front,”  she 
notes. 

One  Size  Fits  None 

The  first  question  a  CIO  dealing  with  a 
legacy  system  must  answer  is  whether  a 
particular  system  even  needs  to  be  Web 
enabled.  Systems  that  don’t  require  a  lot 
of  user  interaction  are  the  least  suitable 
candidates.  “If  there’s  a  lot  of  number¬ 
crunching  data,  as  in  financial  services, 
then  it’s  not  really  worth  Web  enabling,” 
says  Stiffler. 

But  when  contending  with  legacy  sys¬ 
tems  that  could  benefit  from  Web  enabling, 


CIOs  face  two  basic  approaches:  low- 
cost/stop-gap  and  higher-cost/longer-last¬ 
ing.  Picking  the  most  appropriate  path 
requires  a  great  deal  of  advance  planning. 
“It’s  not  a  one-size-fits-all  decision,”  says 
Tyler  McDaniel,  director  of  application 
strategies  for  the  Hurwitz  Group,  a  tech¬ 
nology  research  and  consulting  company  in 
Framingham,  Mass. 

The  quick  and  easy  approach,  using  sim¬ 
ple  screen-scraping  and  code-generating 
tools,  allows  organizations  to  extract  pro¬ 
prietary  data  from  their  mainframes  and 
translate  the  inforipation  into  a  new  for¬ 
mat,  such  as  XML  or  Java.  Using  software 
supplied  by  vendors  such  as  Attachmate, 
FIostBridge  Technology  and  Jacada,  the 
legacy  system  is  given  a  new,  Web-compat¬ 
ible  front  end.  “It’s  quicker,  less  costly  and 
less  risky — you’re  not  doing  a  lot  of  chang¬ 
ing,”  says  McDaniel. 

Screen  scrapers  and  code  generators  are 
particularly  useful  for  organizations  that 


Technology  |-~ — - — - - 

handle  payment  processing,  trade  clearing 
and  settlement,  and  other  tasks  that  are 
likely  to  continue  to  utilize  mainframes  for 
some  time  to  come.  “It  provides  a  path  of 
getting  services  out  to  either  our  clients  or 
our  customers  in  a  quick  way  without  hav¬ 
ing  to  reinvent  the  entire  legacy  environ¬ 
ment,”  says  Jane  Landon,  vice  president 
and  CIO  of  Newark,  N.J.-based  Prudential 
Institutional,  an  institutional  investment 
unit  of  Prudential  Financial.  Landon  is 
using  Jacada  software  to  Web  enable  her 
assortment  of  IBM  mainframes. 

The  other  way  to  bring  legacy  applica¬ 
tions  and  data  onto  the  Web  is  by  reengi¬ 
neering  an  existing  system.  With  an  appli¬ 
cation  such  as  Relativity  Technologies’ 
RescueWare,  CIOs  and  their  teams  can  dig 
into  a  legacy  system,  find  its  most  critical 
parts  and  then  convert  the  key  processes 
into  Web-enabled  components.  “Basically, 
you  rebuild  the  application  in  a  more  mod¬ 
ern  fashion,”  says  McDaniel. 

Reengineering  is  a  permanent  solution 
that — when  done  properly— is  designed  to 
last  for  many  years.  But  CIOs  who  fret 
about  the  approach’s  time  and  cost  draw¬ 
backs  often  avoid  the  technique.  And 
such  concerns  are  justified.  Reengineering 
requires  organizations  to  strip  away  as 
much  as  several  decades’  worth  of  irrele¬ 
vant  and  often  undocumented  code  in 
order  to  focus  on  basic  processes.  These 
processes  can  then  be  extracted  and 
brought  into  a  Web-based  architecture.  “It 
may  not  be  the  best  choice  because  busi¬ 
ness  circumstances  [often]  demand  some¬ 
thing  quicker,”  says  McDaniel. 

Screen  scrapers  and  code  generators  are 
certainly  cheaper  alternatives.  Stiffler  esti¬ 
mates  that  the  cheap  and  easy  approach 
can  shave  “one  zero,  maybe  even  two,” 
off  of  an  enterprise’s  six-  or  seven-figure 
reengineering  costs. 

cio.com 

Read  Chris  Lindquist’s  TECH  TACT: 

NEW  TOOLS  FOR  NEW  JOBS. 

every  Monday  at  www.cio.com. 


The  first  question  a  CIO  dealing  with  a 
legacy  system  must  answer  is  whether 
a  particular  system  even  needs  to  be 
Web  enabled. 


122  CIO  JUNE  15,  2002  •  www.cio.com 


■0: 


THIS  IS  YOUR  PRIVATE  FORCE  FIELD,  IMPERVIOUS 
TO  PEEPERS,  HACKERS  AND  X-RAY  VISION. 


This  is  the  Qwest  Virtual  Private  Network.  People  obsessed  with  privacy. 
Firewalls  and  security  standards  built  into  the  Qwest  OC-192  network,  one 
of  the  most  advanced  broadband  networks  in  the  world.  Keeping  your 
information  for  your  eyes  only.  This  is  securely  reconfiguring  your  network 
in  the  blink  of  an  eye.  This  is  you  sleeping  through  the  night  without  the 
cold  sweats.  This  is  realizing  private  isn’t  private  enough  anymore.  This  is 
one  reason  more  than  half  of  the  Fortune  500 1  ride  the  light. 
qwest.com  1-800-RIDE-QWEST  1-800-743-3793  ext  1318 


ride  the  light 


Voice  Solutions 


Data  Solutions 


Internet  Solutions 

L-  Virtual  Private  Network 


Managed  Solutions 


The  good  news  is  that  CIOs  can  actu¬ 
ally  have  the  best  of  both  worlds.  Screen 
scrapers  and  code  generators  are  often 
used  as  a  stop-gap  measure  while  an 
organization  gradually  moves  ahead  on  a 
full  legacy  reengineering  strategy.  “I  can 
slowly  change  my  legacy  environment  ; 
over  time  if  I  should  desire,  and  it  makes 
good  business  sense,”  says  Prudential 
Institutional’s  Landon. 

Off  into  the 
Wide  Web  Yonder 

For  the  Air  Force,  leveraging  the  SBSS 
posed  a  dilemma.  “Our  philosophy  in 
Web  enabling  was  to  just  get  it  done — 
and  to  get  it  done  fast,”  says  Dittmer.  Yet 
there  was  also  a  need  to  develop  a  solu¬ 


— - — . — — -j  Emerging 

final  result  will  justify  all  of  his  staff’s 
hard  reengineering  work.  The  finished 
platform  will  allow  developers  to  flexi¬ 
bly  deploy  components  across  the  Air 
Force’s  entire  system  and  to  tie  several 
different  supply  management  systems 
into  a  single  environment. 

Basic  Web  enabling  was  completed  in 
December  2000  on  the  old  Unisys  system, 
but  the  reengineering  work  continues. 
“We’re  still  in  the  process  of  converting 
the  user  interface  to  a  more  graphical  ori¬ 
entation,”  says  Dittmer.  That  work,  along 
with  additional  front-end  error  checking 
and  business-rule-logic  enhancements,  is 
scheduled  for  completion  later  this  year. 
Once  that  stages  is  finished,  the  SBSS  is 
slated  to  be  completely  free  of  the  Unisys 


While  few  CIOs  doubt  the  value  of 
bringing  Web  access  to  legacy  systems, 
the  process  is  not  without  its  perils. 


tion  that  would  last  well  into  the  future. 
After  considering  the  various  options, 
Dittmer  and  his  staff  decided  to  shoot 
for  the  sky:  They  would  quickly  give  the 
legacy  system  Web  access  capabilities 
and  then  commit  to  a  complete  system 
reengineering. 

The  challenge  Dittmer  and  his  team 
faced  was  to  gradually  migrate  a  three- 
decade-old  system  that  is  now  hosted  on 
a  Unisys  2200  Clearpath  mainframe — 
with  data  trapped  inside  a  proprietary 
DMS-100  database — to  an  open  Web- 
based  architecture.  Dittmer’s  staff  is 
using  Relativity’s  Rescue  Ware  to  extract 
business  rules  and  generate  a  Java-based 
user  interface  and  other  Web-friendly 
components  from  the  original  Cobol. 
“We  have  a  million-and-a-half  lines  of 
Cobol  code  that  have  been  touched  by 
hundreds  of  different  programmers,  so 
when  we  try  to  make  a  change  to  the  sys¬ 
tem,  it’s  really,  really  difficult,”  Dittmer 
says.  But  he  adds  that  he  believes  that  the 


environment  early  next  year.  The  30- 
month  project  will  cost  more  than  an  esti¬ 
mated  $10  million  (a  figure  supplied  by 
Relativity,  not  Dittmer,  who  declined  to 
estimate  cost). 

Avoiding  the 
Pitfalls  and  Perils 

While  few  CIOs  doubt  the  value  of  bring¬ 
ing  Web  access  to  legacy  systems,  the 
process  is  not  without  its  perils.  Project 
leaders  must  stumble  through  a  forest  of 
conversion  and  reengineering  products 
in  order  to  find  the  tool  that  most  closely 
meets  their  needs.  “There  are  probably 
about  200  companies  that  let  you  take 
the  user  interface  and  redo  it,”  says  Vivek 
Wadhwa,  Relativity’s  CEO. 

There’s  also  the  not-so-small  matter  of 
retraining  staff  in  new,  Web-oriented  soft¬ 
ware  technologies.  Veteran  developers 
accustomed  to  toiling  in  a  Cobol  envi¬ 
ronment,  for  example,  may  have  a  hard 
time  acquiring  new  skills.  New  hires,  on 


Technology 


Cool 

Product 


Multiple  Images 

IF  YOU’RE  feeling  cramped  and 
need  some  more  computer  screen 
space,  9X  Media  ( www.9xmedia 
.com)  may  have  the  digital  real 
estate  you’re  looking  for. 

The  company’s  line  of  X-Top 
multiple  monitor  systems  lets  you 
connect  up  to  nine  (yes,  nine)  LCD 
screens  into  a  single  virtual  work¬ 
space.  The  product  uses  a  set  of 
linked  support  arms  mounted  on  a 
central  hub  to  hold  flat-panel 
displays  (15  to  24  inches  in  diagonal 
measurement)  in  position  as  one 
viewing  unit. 

Customers  can  start  small— say 
a  pair  of  15-inch  screens— and  then 
add  more  or  get  bigger  as  their 
needs  and  budget  allow.  Each 
screen  can  be  moved  individually 
for  optimal,  ergonomic  positioning. 
9X  Media  can  supply  screens  (both 
analog  and  digital)  with  the  sys¬ 
tem,  or  customers  can  provide 
their  own  (the  arms  work  with  any 
Vesa-compatible  LCD  display). 

The  X-Top  systems  come  with  a 
hub,  monitor  arms,  a  sound  system 
and  necessary  cables.  Running  the 
monitors  may  require  customers  to 
buy  extra  video  cards  or  an  addi¬ 
tional  multimonitor-capable  card. 
Pricing  for  the  X-Top  systems 
starts  at  around  $1,699  for  a 
version  with  two  15-inch  displays. 

-Christopher  Lindquist 


124  CIO  JUNE  15,  2002  •  www.cio.com 


sms 

'{iS»  ■  •  a jtf  .  - 


-t 


TEKsystems®,  your  navigator  on 


ications  staffing  highway. 


Navigating  the  curves  and  potholes  of  the  IT  world  can  be  nothing  short  of  treacherous.  That's 
why  we're  so  proud  of  how  TEKsystems  handles  the  ride.  We  help  businesses  design,  install, 
deploy  and  run  their  IT,  communications,  application  and  network  systems  by  providing  superior 
services  and  the  best  IT  programmers  and  consultants  available.  If  your  company  is  searching 
for  infrastructure  or  application  staffing  solutions,  we  invite  you  to  join  us  for  the  ride. 


www.teksystems.com  8888321215 


TEK 

systems" 

People  for  your  workforce. 

Solutions  for  your  workplace.5" 


the  other  hand,  may  have  trouble  mas¬ 
tering  the  legacy  system’s  various  quirks 
and  vagaries. 

Under  the  best  conditions,  legacy 
system  leveraging  is  a  complex,  time- 
consuming  job.  Even  screen  scrapers  and 
code  generators,  which  are  widely  hailed 
for  their  simplicity,  require  a  fair  amount 
of  hands-on  work.  “It’s  when  you  start 
leveraging  the  APIs  that  it  goes  back  to 
traditional  development,”  says  Prudential 
Institutional’s  Landon. 

Further  complicating  the  CIO’s  job  are 
questions  about  how  legacy  systems  will 
eventually  fit  into  emerging  Web  services 
strategies.  “It’s  one  of  the  major  missing 
pieces  of  the  Web  services  story,”  says 
Hurwitz’s  McDaniel.  He  says  he  believes 
that  a  Web  services  interface  could  make 
legacy  systems  more  reusable  and  flexible 
by  allowing  applications  to  communicate 
with  each  other.  “For  example,  you  can 
suddenly  start  rearranging  legacy  trans¬ 
actions  to  provide  new  kinds  of  function¬ 
ality  for  business  users,”  he  says.  But  the 
basic  blueprint  for  such  an  environ¬ 
ment  remains  unfinished — at  least  for  the 
moment.  “It’s  unfortunate  that  the  loud¬ 
est  proponents  of  Web  services  haven’t 
really  given  a  lot  of  thought  to  what  they’re 
going  to  do  with  legacy  applications,”  he 
says.  Relativity’s  Wadhwa  says  the  next 
release  of  Rescue  Ware  will  address  Web 
services  integration. 

Despite  all  the  obstacles  and  perils, 
many  CIOs  have  no  alternative  but  to 
begin  leveraging  their  legacy  resources. 
“You’ve  got  a  lot  of  current  costs  sunk 
into  those  systems,”  McDaniel  notes. 
“Obviously,  you  want  to  continue  to 
extend  the  value  of  those  systems  to  a 
whole  new  audience  of  users.”  AMR’s 
Stiffler  agrees.  “Given  the  current  hazy 
economic  outlook,  it’s  important  for 
CIOs  to  have  tools  that  allow  them  to 
use  their  existing  infrastructure.”  ■ 


John  Edwards  is  a  freelance  writer  based 
in  Gilbert,  Ariz.  He  can  be  reached  at 
jedwards@john-edwards.com . 


126  CIO  JUNE  15,  2002  •  www.cio.com 


Emerging  Technology 


UNDER  DEVELOPMENT 

Health  care 

Slopping  Epidemics  Early 

THE  RECENT  BIOTERRORISM  scare  has  served  as  a  wake-up  call  to  our  public  health 
system,  exposing  its  inability  to  track  epidemics— from  run-of-the-mill  influenza  to  top 
threats  such  as  smallpox.  But  even  before  last  year’s  anthrax  cases,  doctors  and  public 
health  officials  had  been  testing  Web-based  databases  and  other  bio-surveillance 
technologies  that  could  help  monitor  medical  data  to  stem  an  outbreak  before  it  spreads. 

At  Children's  Hospital  in  Boston,  a  team  of  researchers  is  testing  a  network  that  offers 
real-time  surveillance  of  hospital  data,  a  website  that  lets  clinicians  report  events  or 
trends  suggestive  of  bioterrorist  activity,  and  decision-support  systems  to  provide 
appropriate  responses  to  outbreaks.  "The  benefit  of  the  surveillance  network  is  early 
detection  so  we  can  treat  or  isolate  the  problem,”  explains  Dr.  Kenneth  Mandl,  attending 
physician  in  pediatric  emergency  medicine  at  Children’s  Hospital  and  assistant  profes¬ 
sor  of  pediatrics  at  Harvard  Medical  School.  "And  the  decision-support  network  will  help 
frontline  docs  treating  victims  of  diseases  that  they  have  never  seen  before.”  It  will  be  at 
least  two  years  before  researchers  really  understand  what  the  output  from  the  pilot 
system  means  and  how  to  respond,  Mandl  says. 

Meanwhile,  the  U.S.  Air  Force  completed  phase  one  of  a  $13.3  million  project  that 
created  an  infectious  disease  detection  database  and  e-mail  alert  system.  “We’re  inter¬ 
ested  in  protecting  against  the  use  of  biologic  weapons  by  terrorists,”  says  Col.  Robert 
Munson,  U.S.  Air  Force  division  chief  of  science  and  technology  and  assistant  surgeon 
general  for  expeditionary  operations,  science  and  technology.  But  the  system  lends  itself 
to  more  day-to-day  uses,  he  adds,  such  as  stemming  hospital-acquired  infections. 

Some  worry  that  new  patient  privacy  laws  under  HIPAA  could  get  in  the  way  of  infor¬ 
mation-sharing  needed  to  identify  incipient  epidemics.  Those  involved  in  these  efforts 
say  that  maintaining  security  by  transmitting  and  displaying  only  aggregate  data  is 
critical,  adding  that  there  may  be  exceptions  to  HIPAA  when  it  comes  to  public  health. 

-Stephanie  Overby 


ftb  Katkia. 


I  hear  our  company  now  has  real-time 
wireless  access  to  all  our  critical 
network  data,  like  customer  files. 


Imagine  how  successful  we 
could  have  been  with  that  kind 
of  network  access. 


What’s  a  network? 


rHMf 


i  n  Drummorta* 


[  h:nh^v 


hn  i  tan 


Nextel  Wireless  Business  Solutions.  Now  you’ll  never  have  to  say  “Imagine  what  I  could  have 
done  if...”  because  you’ll  be  busy  doing  it.  And  it’s  not  just  having  the  Internet  on  your  phone; 
it’s  real-time  access  to  customer  data,  pricing,  inventory.  Whatever  drives  your  business. 
Anytime.  Anywhere.  On  a  variety  of  devices.  And  it’s  all  possible  because  only  Nextel  has  a 
national  wireless  network  designed  specifically  to  carry  both  voice  and  data.  Call  toll  free 
1  -877-NEXTELC,  or  visit  nextel.com/WBS  to  see  how  we  can  help  you  outmaneuver  your  competition. 


WIRELESS 

BUSINESS  SOLUTIONS 


NEXTEL 


©2002  Nextel  Communications,  Inc.  All  rights  reserved.  Nextel  and  the  Nextel  logo  are  trademarks  and/or  service  marks  o*  Nextel  Communications,  Inc. 

All  other  product  names  and  services  are  the  property  of  their  respective  owners. 


Emerging 


COMPANIES  TO  WATCH 

TeaLeaf  Technology 

Be  the  User 


TeaLeaf  s  tools  show  you  what  your  Web  visitors  really  experience 

BY  STEPHANIE  OVERBY 


A  SLOW-MOVING  site.  “An  error  occurred 
while  processing  your  request.”  A  less- 
than-satisfying  search.  All  sit  near  the  top 
of  Web  users’  frustration  lists — and  all  are 
major  menaces  to  companies  relying  on  of¬ 
ten  undependable  but  increasingly  mission- 
critical  Web-based  applications. 

Application  integrity  issues  are  highly 
visible  to  customers,  but  they  can  be  nearly 
invisible  to  IT  operations.  Incorrect  data 
on  a  page  may  go  unnoticed  to  IT  because 
the  page  appeared  in  a  reasonable  time  and 
raised  no  red  flags,  says  Jasmine  Noel, 
director  at  Framingham,  Mass. -based 
Hurwitz  Group,  a  technology  research  and 
consulting  company.  And  when  a  problem 
x  arrives  from  a  user  complaint  or  a  console 
alert,  the  IT  team  may  have  no  way  of  cre¬ 
ating  a  complete  record  of  what  happened. 

TeaLeaf  Technology,  a  privately  held 
1999  spinoff  of  SAP,  has  entered  the  ever- 
expanding  field  of  system  management 
software  for  Web-enabled  applications  to 


provide  a  potential  solution  to  the  prob¬ 
lem  of  such  unreliability  and  invisibility. 
The  latest  generation  of  the  software, 
IntegriTea,  allows  companies  to  capture, 
record  and  play  back  entire  end  user  Web 
application  sessions.  (The  product  was 
originally  developed  as  skunk  works — ■ 
under  the  name  “project  black  box” — at 
SAP  Labs  to  understand  how  customers 
were  really  using  the  company’s  Web- 
based  applications.)  IntegriTea  captures 
user  session  data,  encrypts  and  compresses 
it,  then  sends  it  off  to  an  IntegriTea  server. 
The  software  also  monitors  and  scans  the 
contents  of  this  data  for  conditions  such 
as  Web  server  errors,  ODBC  errors  and 
long  response  times.  If  it  finds  a  problem, 
IntegriTea  can  then  generate  alerts  for  IT 
staff.  In  addition,  IntegriTea  lets  users 
gather  application-specific  data  from  the 
application  server  to  combine  with  web¬ 
page  information. 

By  capturing  every  user  interaction 


w  a  f  c  h  i  n  g , . . 

TeaLeaf  Technology 

Headquarters  San  Francisco 
Founded  1999  as  spinoff  of  SAP  AG 

Number  of  employees  36 

Product  IntegriTea  captures,  records 
and  plays  back  user  Web  sessions 

Reason  to  watch  Lets  IT  depart¬ 
ments  monitorthe  real-world  per¬ 
formance  of  Web-based  applications 

Hurdles  Overcoming  privacy  and 
security  concerns;  potential  for  large 
processing  and  storage  overhead 

Web  linkwww.tealeaf.com 


Technology  f— — — — - — - 

along  with  code-level  events,  IntegriTea 
provides  the  IT  organization  with  a  more 
complete  picture  of  the  performance  of 
its  Web  applications.  As  a  result,  it  can 
help  solve  a  number  of  Web  application 
issues — not  only  detecting  content  errors 
and  failed  processes,  but  also  verifying 
third-party  content  and  services,  recover¬ 
ing  lost  orders  and  enhancing  security. 

“We  felt  like  a  lot  of  stuff  was  happen¬ 
ing  on  our  site  that  we  didn’t  have  visi¬ 
bility  to — who’s  coming,  what  are  they 
doing,  is  their  experience  positive  or  neg¬ 
ative,”  explains  Lisa  Scovel,  who  imple¬ 
mented  IntegriTea  at  TowerRecords.com. 
“TeaLeaf  allowed  us  to  see  not  only  what 
our  customers  were  doing  successfully  but 
also  what  they  were  attempting  to  do  that 
may  have  been  unsuccessful,  like  searches, 
incomplete  transactions,  abandoned  regis¬ 
trations.”  Scovel  says  TowerRecords.com 
made  massive  changes  to  its  registration 
and  checkout  process  after  experiencing 
firsthand  some  of  the  frustration  its  users 
encountered.  “The  tool  allows  us  to  iso¬ 
late  the  sessions  of  someone  who  says 
they  were  having  a  problem  on  our  site 
at  10:40  p.m.  or  resolve  a  dispute  if  some¬ 
one  says  they  put  a  product  in  their  cart  at 
6:34  p.m.  at  $6.99,  and  the  price  changed 
when  they  checked  out.” 

“It’s  a  good  product  for  anyone  who 
needs  to  know  exactly  what  happens  on  a 
website,”  says  Tim  Grieser,  systems  man¬ 
agement  research  analyst  at  Framingham, 
Mass.-based  IDG  (a  sister  company  to  CIO's 
publisher,  CXO  Media).  Although  there 
could  be  some  privacy  concerns  when  sav¬ 
ing  entire  user  experiences,  the  product 
addresses  that  with  its  encryption  process, 
leaving  the  onus  on  the  user-company  to 
cover  this  issue  with  its  stated  privacy  pol¬ 
icy.  The  only  other  potential  drawback  is 
storage.  “The  amount  of  data  you  wind  up 
saving  could  be  huge,  and  TeaLeaf  has 
schemes  for  compressing  the  data,  which 
alleviates  that  to  some  extent,”  Grieser 
explains.  “But  as  of  yet  it  hasn’t  been  used 
for  a  long  period  of  time  by  a  high-traffic 
website  to  see  how  that  will  work.”  ■ 


128  CIO  JUNE  15,  2002  •  www.cio.com 


PHOTO  BY  PLASTOCK/PHOTONICA 


Only  a  Xerox  Document  Centre’  shifts  your  office 
into  overdrive.  It  prints,  copies,  faxes,  scans  and  e-mails 
like  no  other.  Saving  you  time  and  money. 
There’s  a  new  way  to  look  at  it. 


Performance  proves  it.  Top  companies  know  it. 

That’s  why  86%  of  Fortune  500®  companies  rely 
on  Document  Centre  Multifunction  systems  to  save 
them  time  and  money*  Our  unique  design  provides 


maximum  network  performance.  The  result  is  cost- 
crunching  productivity  that  puts  your  business  way 
ahead  of  the  pack.  To  Find  out  how  we  can  save 
your  business  time  and  money,  get  in  touch  today. 


Visit:  www.xerox.com/vroom  Call:  1-800-ASK-XEROX  ext.VROOM 


The  Doci  ment  Company 

XEROX. 


'Certain  Document  Centre  features  are  optional  ©2002  XEROX  CORPORATION.  All  rights  reserved.  XEROX,*  The  Document  Company*  Document  Centre*  and  There's  a  new  way  to  look  at  it  are  trademarks  of  XEROX  CORPORATION 


Emerging  Technology 


PUNDITS 

Optimization 

Maximize  Everything  Now 

The  latest  optimization  tools  can  help  you  get 
every  dollar  out  of  your  operations 

BY  DAVID  L.  MARGULIUS 


OPTIMIZATION.  It  sounds  so  incremental. 
Boring.  For  tweakers  and  PhDs.  Is  all  the 
fuss  really  warranted? 

Here’s  the  basic  idea:  During  the  past 
few  years,  you’ve  spent  hundreds  of  mil¬ 
lions  on  core  systems  (ERP,  CRM,  SCM 
and  so  on)  and  to  populate  those  systems 
with  data  (and  you’re  not  done  yet,  by  the 
way).  That  data  is  useful,  but  it’s  a  mess. 
And  you  can’t  get  at  it  in  real-time,  corre¬ 
late  it,  leverage  it,  segment  it  or  get  it  to 
where  it’s  useful — points  of  interaction 
with  the  customer  and  points  of  decision 
making  inside  your  company. 

The  basic  idea  behind  optimization  is 
quite  simple:  Unlock  the  potential  of  that 
data,  and  apply  it  to  your  key  business 
processes  to  make  them  more  efficient 
and  profitable. 

But  can  it  be  done?  Can  optimization 
really  make  a  difference  to  your  bottom 
line?  Yes,  thanks  to  new  and  more  power¬ 
ful  real-time  integration,  process  and 
analytics  technologies.  Whether  you’re 
matching  supply  chain  data  to  customer 
demand  data  (to  optimize  profitability), 
adding  business  rules  to  a  workflow 
process  (to  optimize  efficiency),  or  leverag¬ 
ing  knowledge  about  customer  preferences 
(to  optimize  customer  satisfaction  and  rev¬ 
enue),  the  benefits  can  be  very  real.  And 
there  are  some  very  real  examples. 

DHL  is  using  software  to  customize  and 
optimize  pricing  for  large  accounts  based 
on  prior  customer  history  (from  the  CRM 
system)  and  business  rules  reflecting  the 
company’s  cost  structure.  Target:  To  enable 
its  salespeople  to  write  more — and  more 
profitable — business. 


E-Trade  is  using  intelligent  call-routing 
software  to  cherry-pick  high  value  cus¬ 
tomers  who  call  its  800-number  (again  by 
dipping  into  the  CRM  database)  and 
quickly  connect  them  with  an  agent  whose 
skills  match  the  customers’  likely  problem. 
Target:  In  financial  services,  15  percent  of 
the  customers  can  generate  300  percent  of 
the  profits.  You  do  the  math. 


Canadian  Imperial  Bank  of  Commerce 
is  using  workflow  and  business  process 
management  software  to  document  and 
eliminate  inefficiencies  in  the  back-office 
processes  of  its  private-branded  banking 
services  division.  Target:  Additional  ac¬ 
counts  opened,  in  a  shorter  time,  while  us¬ 
ing  fewer  people. 

Sounds  good,  you  say,  but  what  does  it 
take  to  do  optimization  well?  Here  are 
some  quick  thoughts,  whether  you’re  trying 
to  optimize  a  customer-facing  or  internal 
process. 

It  takes  discipline.  As  a  friend  told  me 
recently,  you  can  buy  the  best  pair  of  run¬ 
ning  shoes  available,  but  you  still  have  to 
train.  Scrub  the  data.  Build  the  model. 
Connect  the  systems.  Write  the  middle¬ 
ware.  Nothing  is  easy. 

It  takes  focus.  Begin  with  the  end  in 
mind.  With  all  that  data  floating  around, 
you  can  be  tempted  in  a  lot  of  different 
directions — don’t  do  it!  Get  buy-in  from 
the  organization  in  advance  on  goals,  scope 
and  how  you  will  measure  the  success  of 
the  project. 

It  takes  follow-through.  If  the  process 
you’re  optimizing  involves  a  productivity 
benefit,  you  may  have  to  let  people  go  to 
get  the  benefit.  You  may  also  have  to  do 
some  training — people  are  wedded  to  their 
old  ways. 

It  takes  a  multichannel  mind-set.  It 

doesn’t  pay  to  optimize  silos;  if  you  do,  you 
just  won’t  get  the  return  you  could.  If 
you’re  doing  it  in  the  call  center,  do  it  in 
the  stores.  Do  it  for  self-service.  Do  it  for 
the  field.  Do  it  once,  and  do  it  right. 

It  takes  partners  that  know  what  they’re 
doing.  You  can  buy  generalized  process  man¬ 
agement  and  business  intelligence  software, 
write  rules  and  workflow  yourself  until  the 
cows  come  home.  Or  you  can  find  a  vendor 
with  domain  expertise  and  leverage  work  it’s 
already  done.  I  recommend  the  latter.  PTP1 


David  L.  Marguiius  is  a  San  Francisco-based 
technology  and  marketing  consultant.  He  can 
be  reached  for  questions  or  comments  at 
dmargulius@pacbell.net. 


Unlock  the  potential 
of  that  data,  and 
apply  it  to  your  key 
business  processes 
to  make  them  more 
efficient. 


130  CIO  JUNE  15,  2002  •  www.cio.com 


PHOTO  BY  VOLDI  TANNER 


IBM.  WebSphere  and  the  e-business  logo  are  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United  States  and/or  other  countries.  CrossWorlds  and  the  CrossWorlds  logo  are  registered  trademarks 
of  CrossWorlds  Software.  Inc.©  2002  IBM  Corp.  All  rights  reserved 


T 

O 


0 


o 


0 


<> 


SSI 


This  is  the  MANAGER 

That  placed  the  Order 

That  went  through  Accounting 

That  commissioned  Sales 

That  notified  Engineering 

That  provisioned  the  Circuits 

That  connected  the  Service 

That  satisfied  the  Customer 

That  concluded  the  Process 

That  lives  in  the  Business  Integration  Software 

That  we  built  Together. 


^'CROSSWORLDS' 


CrossWorlds  has  joined  with  IBM  to  provide 
comprehensive  business  integration  from  your 
first  step  to  the  finish.  Our  technology  powers  WebSphere1"1  to  not  only 
just  connect  your  applications  —  but  make  all  your  processes  work 
together.  For  the  whole  story  visit  ibm.com/websphere/crossworlds 


business  software 


IT’S  A  DIFFERENT  KIND  of  WORLD. 

YOU  NEED  A  DIFFERENT  KIND  of  SOFTWARE. 


HIRING 


FIRING 


INSPIRING 


Hot 
Seat 


Inside 

MANAGEMENT  BRIEFS 

Using  bonuses  for  business 
alignment 

LEADERSHIP  AGENDA 

By  Susan  H.  Cramm 
IT  parenting:  How  to  make  no 
sound  like  yes 

READER  Q&A 

Susan  H.  Cramm  answers 
questions  on  IT  parenting 

Ask  heryour  leadership  and 
management  questions  at 
www.cio.com/leadership/ 
agenda.html 


How  comfortable  do,  you 
find  the  hot  seat?  E-mail 
Leadership  and  Management 
Editor  Edward  Prewitt  at 
hotseat@cio.com. 


Yes,  We  Had  No  Integration 

Like  the  cobbler’s  children  who  had  no  shoes,  CMGI  was  an 
IT  company  that  lacked  IT  basics.  Until  CIO  Jo  Hoppe  arrived. 

BY  EDWARD  PREWITT 


Before  the  Nasdaq  crash  and  the  Internet 
bust,  before  paying  millions  to  plaster 
your  name  on  a  stadium  became  a  mark 
of  corporate  folly  (see  3Com  Field, 
CMGI  Field  and  Enron  Field),  CMGI 
was  a  star  in  the  high-tech  firmament. 
The  Internet  holding  company’s  CEO, 
David  Wetherell,  was  regarded  as  a  new 
economy  guru.  And  when  he  hired  Jo 
Hoppe  three  years  ago  to  be  CMGI’s 
first-ever  executive  vice  president  and 
CIO,  Wetherell’s  charge  to  her  was  to 
build  an  IT  structure  capable  of  keeping 
up  with  the  company’s  growth. 

Today,  of  course,  CMGI  is  shrinking, 
not  growing,  having  lost  $5.8  billion  in 
fiscal  2001.  But  when  Hoppe  arrived  in 
October  1999,  “the  company  was 
acquiring  two  to  four  companies  a 
month,”  she  recalls.  And  CMGI’s  sub¬ 
sidiaries — including  online  businesses 
such  as  AltaVista  and  UBid  and  19  others 
at  the  company’s  high-water  mark  in  late 
1999 — were  also  focused  on  growth.  No 
one  had  time  for  process.  “There  were  no 
mainframes,  almost  no  legacy  systems,” 
Hoppe  says.  “Most  of  the  [subsidiary] 
companies  had  no  systems  at  all.” 

Starting  from  Scratch 

Hoppe’s  challenge — to  lead  IT  in  a 
decentralized  company — is  familiar  to 
many  CIOs.  But  at  Andover,  Mass.- 
based  CMGI,  the  scale  of  the  undertak¬ 
ing  was  fearsome.  Not  only  did  Hoppe 
have  to  build  and  integrate  systems  for 
21  companies  where  there  were  none, 
she  had  to  do  so  at  “CMGI  speed.” 

“You  couldn’t  say  two  years  for  an 
ERP  system.  Two  years  is  a  lifetime 
here,”  Hoppe  says.  It  didn’t  help  that 
CMGI,  as  a  bag  of  brands,  had  no  cor¬ 


porate  identity.  Its  subsidiaries  had  little 
or  no  feelings  of  affiliation  among  them¬ 
selves  and  only  grudgingly  acknowledged 
headquarters. 

But  Hoppe  had  two  factors  working 
for  her:  the  strong  support  of  her  boss, 
the  corporate  CFO,  and  the  pain  felt 
companywide  from  the  lack  of  integra- 


CIO  Jo  Hoppe  had  to  move  at  “CMGI 
speed”  to  get  critical  business  systems 
in  place  before  the  economy  slowed. 

tion.  “It  was  a  horrendous  task  each 
month  just  trying  to  close  the  books 
without  systems.  Spreadsheets  would  be 
e-mailed  in  or  faxed  in,”  Hoppe  says.  At 
a  gathering  of  all  the  subsidiary  heads  a 
few  weeks  after  she  was  hired,  the  CFO 
introduced  her  and  said  that  centralized 
systems  were  the  new  priority.  There 
would  be  complete  integration,  no  sys¬ 
tems  overlap  and  clear  visibility  of  all 
corporate  and  subsidiary  data. 

Hoppe  dove  right  in,  making  her  first 


132  CIO  JUNE  15,  2002  •  www.cio.com 


PHOTO  BY  JOHN  SOARES 


pentium®/// 


The  next  generation  of  hp  ProLiant  technologies: 

A  better  way  to  make  your  business  move  faster. 

Today's  I.T.  infrastructure  eats  up  a  lot  of  things:  People.  Money. 
Time.  But  those  vital  resources  can  all  be  maximized  with  an 
infrastructure  that  adapts  more  quickly  to  change.  And  ProLiant 
server  technologies  can  make  that  adaptive  infrastructure  a  reality. 

The  next  generation  of  ultra-dense  ProLiant  BL  Series  servers 
with  Intel®  Pentium®  III  processors  makes  deployment  a  simple 
matter  of  unpacking,  plugging  in,  and  clicking  a  mouse.  So  it 
happens  in  minutes,  instead  of  tying  up  your  key  people  for 
days.  And  with  ProLiant  Essentials  Rapid  Deployment  software, 
an  O/S  or  application  upgrade  can  now  be  downloaded  to  all 
servers  companywide  by  one  person.  It's  faster,  more  flexible 
technology  that  will  speed  up  your  whole  business.  Our  people 
can  show  you  how. 


For  more  information  and  a  White  Paper, 
call  1-800-282-6672,  press  5  and  mention 
code  TGZ  or  visit  www.hp.com/solutions/ai 

invent 


©2002  Hewlett-Packard  Company.  All  rights  reserved.  Intel,  the  Intel  Inside  logo  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries 


tasks  an  ERP  system 
for  financial  and  HR 
information.  She  quick¬ 
ly  selected  Oracle  soft¬ 
ware  and  set  a  six- 
month  time  limit  for 
implementation.  The  Oracle  rep  balked, 
saying  that  was  unrealistic.  “Oracle  antic¬ 
ipated  that  with  21  companies  we  wouldn’t 
be  able  to  get  agreement  on  basic  needs 
of  the  system  for  months,”  Hoppe  recalls. 

But  just  six  weeks  later,  after  a  pair  of 
five-day  workshops  (one  for  financial 
data  and  one  for  HR  information)  at 
which  the  21  companies  were  repre¬ 
sented,  Hoppe  and  all  the  subsidiaries  had 
agreed  on  the  ERP  specifications.  “I 
insisted  that  all  the  key  players  had  to  be 
at  the  table,”  Hoppe  says.  “So  when  we 
got  a  few  [subsidiary]  CFOs  who  said, 
‘I’m  busy,’  I  went  back  to  their  CEOs  and 
said,  ‘This  is  critical.  You’ve  got  to  be  rep¬ 
resented.’”  By  the  end  of  each  workshop, 
the  heavy  lifting  was  complete,  and 
Hoppe  had  a  total  chart  of  accounts  in 
hand.  The  ERP  implementation  was  fin¬ 
ished  within  the  six-month  window. 

Hoppe  drew  two  lessons  from  that 
success.  The  first  is  the  necessity  of  sup¬ 
port  from  the  top  when  it  comes  to  dra¬ 
matic  organizational  change.  The  second 
lesson  is  the  importance  of  working 
closely  with  business  leaders  throughout 
each  organization.  Hoppe  joins  in 
CMGI’s  monthly  executive  committee 
meetings,  which  are  attended  both  by  cor¬ 
porate  executives  and  the  heads  of  all  the 
operating  subsidiaries.  She  also  goes  on 
the  road  once  a  quarter  and  visits  CMGFs 
campuses — in  Andover,  San  Francisco 
and  Chicago — meeting  with  all  of  the 
operating  company  heads.  “I  ask  what 
their  pressure  points  are  and  how  I  can 
make  a  difference,”  she  says. 

After  the  Fall 

Even  as  the  ERP  implementation  project 
was  wrapping  up  in  the  summer  of  2000, 
the  dotcom  boom  was  slowly  turning 


into  the  dotcom  bust  and  CMGI’s  go-go 
atmosphere  began  to  go-go  away. 
Wetherell  stopped  acquiring  companies 
and  began  to  consolidate  the  subsidiaries 
in  search  of  economies  of  scale.  Hoppe’s 
drive  for  integration  fit  into  that  goal 
perfectly.  Her  IT  budget  in  2001  was 
$23  million  (1.9  percent  of  total  rev¬ 
enue),  which  among  other  things  she 
spent  on  a  Siebel  CRM  system,  corpo¬ 
rate  website  improvements  and  a  corpo¬ 
rate  portal. 

The  portal  turned  out  to  be  a  primary 
integrating  tool  for  the  company.  “More 
than  anything,  it  helped  establish  a  CMGI 


identity,”  Hoppe  says.  “All  the  sub¬ 
sidiaries  are  entrepreneurial,  but  now  for 
the  first  time  they  had  one  place  to  go” 
for  information.  Yet  the  need  to  create  a 
portal  was  an  irony  in  itself;  CMGI 
owned  three  portal  companies  but  had  no 
corporate  portal.  Like  the  cobbler’s  chil¬ 
dren  who  had  no  shoes,  CMGI  was  an 
IT  company  that  lacked  even  IT  basics. 

Now  52  years  old,  Hoppe  gained  her 
credentials  in  the  publishing  industry, 
starting  out  at  Atex  Media  Solutions 
before  becoming  vice  president  of  IS  at 
Houghton  Mifflin  and  then  CIO  at 
Addison  Wesley  Longman.  “I  came  from 
very  established  companies  with  systems 
in  place.  Houghton  Mifflin  was  a  very 
classy  company,  for  instance,  with  main¬ 
frames  and  legacy  systems  and  established 


ways  of  doing  things,”  she  says.  But 
Hoppe  found  the  tabula  rasa  of  CMGI 
exhilarating. 

Still,  she  acknowledges  that  her  job  has 
been  more  challenging  than  fun  since  the 
recession  took  hold.  The  market  pressure 
on  CMGI,  which  saw  its  stock  drop  from 
a  high  of  $163.50  per  share  in  January 
2000  to  a  low  of  60  cents  in  October 
2001,  has  been  enormous.  The  company 
shut  down  some  subsidiaries  and  divested 
itself  of  others — including  its  biggest 
investment,  the  Lycos  search  engine  com¬ 
pany — eventually  paring  down  to  nine 
operating  companies  in  mid-2001:  the 


AltaVista  search  engine,  the  online  auc¬ 
tion  site  UBid.com,  fulfillment  specialist 
SalesLink,  online  marketer  YesMail.com, 
Internet  analyst  Engage,  Internet  services 
providers  Tallan  and  NaviSite,  online 
imaging  specialist  Equilibrium,  and 
ProvisonSoft  (formerly  CMGion). 

Although  CMGI  has  done  well  to  sur¬ 
vive  when  so  many  other  Internet  com¬ 
panies  have  not,  it’s  not  out  of  the  woods 
yet.  Noting  that  all  the  company’s  sub¬ 
sidiaries  operate  in  “embattled  markets,” 
Forrester  Research  Analyst  Christine 
Ferrusi-Ross  in  Cambridge,  Mass.,  is  less 
than  gung  ho  about  the  company’s 
future.  “Even  though  things  are  picking 
up,  most  firms’  prospects  for  the  year  are 
moderate,  and  moderate  is  a  best-case 
scenario  for  CMGI”  in  2002,  she  says. 


JO  HOPPE’S  LEADERSHIP  TIPS 

How  to  Keep  IT  Front  and  Center 

1“You  must  have  support  from  the  top.  It  takes  nothing  less  than  that,  particularly 
when  dramatic  organizational  change  is  at  stake.” 

2  “Really  work  with  operating  managers.  Share  the  vision.  If  you  have  buy-in  and 
good  working  relationships,  they  see  where  you’re  coming  from.” 

3 “Share  as  much  of  your  data  as  possible  with  your  [IT]  managers, 
so  they’re  seeing  the  same  things  executives  are.” 


134  CIO  JUNE  15,  2002  •  www.cio.com 


THERE  ARE  WAYS  TO  RECOGNIZE 
THOSE  WHO  HAVE  RADICALLY 


CHANGED 


WHARTON  INFOSYS  BUSINESS  TRANSFORMATION  AWARD  IS  ONE  MORE 

Organization-wide  Transformation  Award: 

Capital  One  Financial  Corp.  (North  America),  National  Stock  Exchange  of  India  Ltd.  (Rest  of  World) 

Initiative-led  Transformation  Award: 

Qreenpoint  Mortgage  (North  America),  Schlumberger  Oilfield  Services  (Rest  of  World) 

Technology  Change  Leader  Award: 

Warren  Lieberfarb  of  Warner  Home  Video  (North  America),  Takeshi  Natsuno  of  iMode  (Rest  of  World) 


WHARTON 

INFOSYS 

BUSINESS 

TRANSFORMATION 

AWARD 


Infosys,  a  leader  in  deploying  technology  for  business  transformation,  and  the  Wharton  School  present  the  most  outstanding 
business  transformation  acts  of  last  year.  Our  congratulations  also  to  the  finalists:  North  America  -  RBC  Financial  Qr oup, 
Fannie  Mae,  Qeisinger  Health  System,  PNC  Bank,  City  of  Houston  (Department  of  Public  Works  &  Engineering), 
Rick  Devenuti  (Microsoft),  Maynard  Webb  (eBay),  Qill  Hope  (hopeandcare  International  Inc.);  Rest  of  World  -  Ticketnet 
(Subsidiary  of  Auchan),  MATAV  Hungarian  Telecommunications  Company  Ltd.,  ITC  Ltd.,  Barclays  Bank,  Kristine  Pearson 
(Freeplay  Foundation),  Kurt  K ammerer  (living  systems  AG).  Now,  you  can  never  change  enough  not  to  be  recognized,  can  you? 


Wharton  IntOSyS 

The  Wharton  School  r  0  W  l  A  E  D  •»  iNTtllCC 

Univaratty  of  PanoiyNania  OMlVfN  I  f  VAIU 


MANAGEMENT  BRIEFS 

The  Best  Use  of  Bonuses 

By  Edward  Prewitt 


Beyond  the  coming 
year,  “development 
will  be  much  more 
important  than  their 
current  cash  position. 
If  their  growth  strat¬ 
egy  is  to  wait  for  the  recovery  and  hope 
rising  tides  raise  all  boats,  they  won’t 
make  it  past  2002,”  says  Ferrusi-Ross. 

At  first,  the  economic  slowdown 
made  Hoppe’s  centralization  mandate 
easier  to  carry  out.  The  subsidiaries  were 
hungry  for  the  business  systems  she  put 
in  place.  The  ERP  system  lowered  pur¬ 
chasing  costs  and  improved  the  accuracy 
of  forecasts.  By  themselves,  though,  the 
new  systems  couldn’t  offset  CMGI’s  cas¬ 
cading  losses.  The  Internet  advertising 
on  which  the  company  depended  had 
disappeared. 

Hoppe’s  IT  budget,  originally  set  at 
$28  million  for  2002,  was  slashed  to 
$17  million — a  big  hit  made  even  bigger 
by  the  presence  of  high-fixed  costs 
derived  from  the  business  systems  roll¬ 
out.  In  response,  Hoppe  has  reined  in 
projects,  negotiated  savings  with  vendors 
and  laid  off  more  than  a  third  of  her  IT 
staff.  From  a  peak  of  102  employees,  the 
IS  group  is  now  down  to  65,  and  it  may 
not  yet  have  hit  bottom. 

Some  of  the  layoffs  have  been  due  to 
efficiency  gains.  For  example,  Hoppe  and 
other  members  of  an  ad  hoc  committee 
seeking  cost  savings  tallied  230  file-and- 
print  servers  and  65  e-mail  servers  across 
CMGI’s  operating  companies  and  three 
campuses.  Those  servers  are  being  con¬ 
solidated  to  20  and  four,  respectively, 
thereby  reducing  the  need  for  IT  staff  to 
maintain  them.  But  that  doesn’t  make  lay¬ 
offs  any  easier,  Hoppe  says.  She  is  sym¬ 
pathetic  to  the  plight  of  those  who  have 
been  laid  off  or  might  yet  be,  but  CMGI’s 
hopes  for  profitability  come  first. 

As  the  company  shed  subsidiaries  and 
people,  Hoppe  came  up  with  an  innova¬ 
tive  way  to  save  some  money.  Concerned 
about  IT  hardware  “sprouting  legs,”  she 


Will  Work  for  Business 
Alignment 

Cash  bonuses  for  software  developers 
and  other  IT  staff  became  common¬ 
place  during  the  go-go  '90s.  Now, 
when  money  at  many  companies  is 
tight,  how  can  CIOs  ensure  that  money 
is  being  disbursed  wisely? 

Bonuses  have  an  inherent 
alignment  problem,  says  John 
Blanco,  vice  president  of 
Cablevision’s  corporate  IS  strategic 
communications  headquartered  in 
Bethpage,  N.Y.  “Every  IT  professional 
is  fighting  to  look  over  the  fence  to  see 
what  the  business  is  really  doing.  It 
seems  that  when  we  reward  people,  we 
go  back  to  our  own  camps.” 

In  pursuit  of  IT-business  alignment, 
Cablevision  recently  reorganized  the 
600-person  IT  staff  into  cross-func¬ 
tional  teams.  IT  employees  continue  to 
report  to  the  CIO’s  office,  but  they  are 
stationed  within  the  business  units. 

The  details  of  the  bonus  plan  are  still 
to  be  determined,  but  a  big  part  of 
each  IS  staffer’s  bonus  will  depend  on 
what  the  head  of  his  business  unit  says 
about  IT.  “I  want  my  IT  people  to  feel 
they  have  an  investment  in  a  business 
objective,”  Blanco  says.  “It  goes 
against  the  grain,  so  we  use  bonuses 
to  help  [alignment]  along.” 

Ralph  Rodriguez,  CIO  and  chief 
security  officer  of  eXcelon,  an  XML 
software  company  based  in  Burlington, 
Mass.,  keeps  his  troops  aligned  by 
doling  out  bonuses  quarterly.  “The 
frequency  helps  alignment  because 
[bonuses]  cbme  up  so  regularly,”  he 
says.  Bonuses  are  based  on  company 
performance  and  are  not  guaranteed; 
sometimes  there’s  no  money  to  give. 


Most  quarters,  though,  Rodriguez  is  able 
to  sit  down  with  each  of  his  16  IT  staffers 
for  a  review  of  their  work.  Based  on 
criteria  such  as  effort,  quality  of  work 
and  collaboration  with  line  managers, 
he  hands  out  cash  bonuses  that  range 


from  zero  to  15  percent  of  employees’ 
salaries.  “I  don’t  try  to  give  the  money 
away,”  he  says.  “The  company  doesn’t 
get  a  return  from  that.” 

Suppressing  Scope  Creep 

Ace  Hardware  uses  bonuses  to  limit 
scope  creep.  “Users  tend  to  say  [to  IS], 
‘I  don’t  have  a  lot  of  time.  You  know 
what  I  want,”’  says  Paul  Ingevaldson, 
senior  vice  president  of  international 
and  technology  at  the  Oakbrook,  III.- 
based  company.  That  tendency  leads 
to  ambiguous  targets,  ever-expanding 
projects  and  missed  deadlines. 

“We  argue  back  that  it’s  better  to 
get  things  done,”  Ingevaldson  says.  IT 
projects  are  rigorously  defined  at  the 
start  of  the  project,  and  the  300  IS 
employees  are  awarded  bonuses  based 
on  their  ability  to  meet  the  deadlines. 

The  bonus  plan— which  can  be 
“pretty  rich,”  Ingevaldson  says— 
“makes  IT  staff  into  businesspeople 
instead  of  a  bunch  of  techies.”  The 
result  has  been  an  increase  in  the 
number  of  projects  coming  in  on  time, 
he  says,  and  an  awareness  throughout 
the  company  that  the  IS  group  will  do 
what  it  says  it  will  do. 


Hot 

Seat 


136  CIO  JUNE  15,  2002  •  www.cio.com 


ILLUSTRATION  BY  CHRISTOPH  HITZ 


Information  Technology  is  more  than  our  name.  It's  what  we're  all  about.  IT  that  helps  agencies  throughout  | 
the  federal  government  turn  data  into  decisions.  IT  that  ensures  security  and  enables  government  to 
operate  more  efficiently  and  effectively.  Our  services  encompass  enterprise-wide  solutions  and  support 
for  critical  infrastructure,  business  and  mission  systems.  Lockheed  Martin  Information  Technology.  More  than 
7,000  IT  professionals  helping  make  America  a  better  place  to  live. 


Hot 
Seat 


had  all  unused  equip¬ 
ment  gathered  on 
the  fourth  floor  of 
CMGI’s  historic  head¬ 
quarters  building.  She 
then  had  her  staff  set 
up  an  asset  tracking  system,  complete 
with  hardware  specs  and  internal  cost,  on 
the  corporate  portal.  In  a  little  over  a 
year’s  time,  Hoppe  redeployed  75  percent 
of  the  assets,  valued  at  $4.5  million. 

Hoppe’s  ability  to  accomplish  her  busi¬ 
ness  goals  received  a  boost  when 
Wetherell  relinquished  his  CEO  title  in 
February.  He  remained  chairman  while 
CFO  George  McMillan  took  the  reins. 
McMillan  insisted  that  Hoppe  continue 
to  report  to  him,  in  effect  raising  her  sta¬ 
tus.  “Having  that  reporting  relationship 
to  the  top  helps  a  lot  when  you  get  push- 
back.  People  are  aware  of  where  your 
directives  come  from,”  she  says. 


“You  couldn’t  say 
two  years  for  an  ERP 
system.  Two  years  is 
a  lifetime  here.” 

-Jo  Hoppe,  executive  vice 
president  and  CIO,  CMGI 


Relationships  with  the  leaders  of  the 
line  businesses  are  no  less  important  for 
the  CIO,  Hoppe  believes,  especially  in  a 
company  as  decentralized  as  CMGI.  “It’s 
in  hard  times  that  everyone  needs  to  draw 
closer  and  work  cooperatively,”  she  says. 
“You’re  never  going  to  get  everybody 
happy  about  the  fact  that  they’re  going 
to  have  to  let  people  go,  but  when  you 
have  good  working  relationships,  they  see 
where  you’re  coming  from.”  BE] 


Share  your  thoughts  on  leading  IT  in  a  decen¬ 
tralized  organization  with  Leadership  and  Man¬ 
agement  Editor  Edward  Prewitt.  He  can  be 
reached  at  eprewitt@cio.com. 


Leadership  Agenda  by susan  h.cramm 

IT  Parenting 

How  to  make  no  sound  like  yes 

At  a  recent  conference,  a  CIO  leaned  over  and  confessed 
to  me  that  he  has  a  “terminal  case  of  saying  yes.”  My 
response?  It’s  important  to  say  yes— in  the  right  way.  The 
key  to  CIO  success  is  figuring  out  how  to  focus  the  IT 
agenda  while  you  gain  the  reputation  of  a  yea-sayer. 

As  a  rapidly  aging  parent  of  a  2-year-old,  I  will  use  an 
analogy  near  and  dear  to  my  heart:  CIOs  should  manage 
business  partner  relationships  as  they  would  raise  children.  Your  job  is  to  create 
good  IT  citizens.  Like  children,  the  line  managers  in  the  business  are  self- 
absorbed— and  rightfully  so.  They  don’t  care  a  whit  about  being  responsible 
consumers  of  IT  assets;  they  know  what  they  want  from  you  and  don't  believe 
their  personal  desires  may  not  serve  the  company’s  interests  in  the  long  term. 

Parents  help  their  children  learn  how  to  take  care  of  themselves.  CIOs 
should  help  their  business  partners  “move  out”  of  the  centralized  IT  provi¬ 
sioning  house— where  the  IS  group  does  everything  for  them— so  that  the 
organization  can  transition  to  the  fiduciary  model  of  IT  management. 

In  this  organizational  model,  business  units  are  responsible  for  the  “what” 
of  IT,  while  the  IS  group  is  responsible  for  the  “how"  (for  more  detail,  see  my 
column  “The  CIO  as  Valet,”  at  www.cio.com/printlinks ).  As  you  help  your 
business  partners  move  away  from  dependence  on  IT  and  toward  organiza¬ 
tional  interdependence,  here  are  some  tips  on  how  to  make  IT  parenting  work. 

APPEAL  TO  A  HIGHER  AUTHORITY.  This  is  akin  to  parents  using  religious 
principles  to  shift  the  attention  away  from  themselves.  Use  the  company’s 
business  strategy  as  your  guidepost,  and  facilitate  a  planning  process  that 
identifies  and  funds  the  most  important  IT  projects.  Get  the  CFO  to  establish 
and  enforce  tough  investment  rules.  By  positioning  the  CFO  as  the  bad  guy, 
you’ll  be  able  to  form  good-guy  relationships  with  your  business  counterparts 
to  help  them  get  what  they  want— while  ensuring  that  they  play  by  the  rules. 

BE  A  GOOD  ROLE  MODEL.  Be  respectful  and  easy  to  work  with.  Don’t 
assume  that  you  know  line  executives’  business  any  more  than  they  know 
yours.  Nothing  will  get  a  business  partner  crankier  than  convoluted  approval 
processes,  inadequate  basic  IT  services  and  your  inability  to  deliver  quality 
software  on  time  and  on  budget. 

GIVE  THE  BUSINESS  MANAGERS  TASKS.  Set  up  an  approval  process  that 
protects  your  IS  organization  from  heavy  involvement  until  projects  have  been 
vetted  for  strategic  value.  One  CIO  has  taught  his  internal  customers  to  hold 
back  project  requests  until  they  get  the  justification  right.  Another  executive 
has  instituted  a  project  discovery  phase  that  focuses  on  Why  and  What  ques¬ 
tions,  and  postpones  any  heavy  How  analysis  until  after  the  project  has  been 
approved.  Improve  the  odds  of  project  success,  and  at  the  same  time  test 
business  execs’  commitment,  by  requiring  that  they  ante  up  project  resources. 

EDUCATE  AND  HOLD  THEM  ACCOUNTABLE.  Put  your  employees  in  client- 


138  CIO  JUNE  15,  2002  •  www.cio.com 


ILLUSTRATION  BY  MICHELLE  CHANG 


ERP  and  CRM 


Hie  Truth  About 

Enterprise  Software... 

as  Only  Your  Peers  Can  Tell  It. 


Trying  to  take  the  guesswork  out  of  implementing  an  ERP  or 
CRM  application  may  seem  like  an  impossible  task.  Between 
evaluating,  negotiating,  budgeting,  selecting,  and  executing 
the  plan,  the  "unknowns"  can  seem  daunting,  and  the  process 
never-ending. 

TURN  TO  YOUR  PEERS  — who  have  walked  this  path  before 
you  — for  advice.  The  2002  ERP  and  CRM  Vendor  Scorecard 


Tour  peers  grade  the  big 
4  ERP/CRM  vendors'  performance  on 
features,  ROI,  software  quality,  ease  of 
integration,  and  vendor  services. 


Reviews  of  the  vendors  and 
verbatim  comments  from  your  peers  — 
both  pro  and  con— for  each. 


from  Peerstone  Research  captures  the  challenges,  benefits, 
and  advice  from  the  true  experts— 163  Enterprise  Application 
users  — real  practitioners  whose  experience  will  help  you  make 
the  right  decision  for  your  enterprise. 

For  only  $795,  the  2002  ERP  and  CRM  Vendor  Scorecard  is 

delivered  right  to  your  desktop  giving  you  immediate  access  to 
the  information  you  need.  Looking  for  peer-based  ratings  for 
enterprise  software  Systems  Integrators?  See  our  companion 
report,  the  2002  Systems  Integrator  Scorecard.  Printed 
copies,  volume  pricing  and  site  licenses  available  — see  our  web 
site  for  more  information. 


RESEARCH 


Find  out  what  your  peers  are 
saying  about  enterprise  applications' 
ability  to  create  value,  how  to  derive  the 
maximum  benefit  from  ERP  or  CRM,  and 
all  the  other  implementation  questions 
keeping  you  up  at  night. 


In  association  with  CXO  Media  Inc.,  publisher  of  CIO  and  Darwin  magazines 


FOR  EXECUTIVE  DECISION  SUPPORT  TOOLS,  VISIT  THE  CIO  STORE-THE  CIO’S  KNOWLEDGE  MARKETPLACE 

www.theCIOstore.com 


Hot 
Seat 


facing  roles  so  they 
can  help  business 
partners  select  the 
best  course  of 
action.  Use  pilot 
projects  and  proto¬ 
types  to  expose  soft  spots  early.  If  your 
business  partners  decide  to  do  some¬ 
thing  foolish,  ensure  that  they  see  the 
consequences.  For  example,  if  they 
hire  their  own  contractors,  insist  that 
they  agree,  in  writing,  to  do  the  main¬ 
tenance  and  pay  for  integration.  You 
hope  they’ll  decide  against  “running 
away  from  home”— but  if  they  do  leave, 
they’ll  be  smarter  when  they  return. 

CHOOSE  YOUR  BOUNDARIES  AND 


BATTLES  CAREFULLY.  Some  issues 
are  worth  going  to  the  mat.  Most  are 
not.  Give  your  business  partners  the 
freedom  to  make  some  IT  decisions  by 
giving  them  an  IT  allowance  and  a 
curfew.  Link  the  granting  of  this  free¬ 
dom  with  the  responsibility  to  play  by 
the  rules  that  have  been  set  for  value, 
standards,  security,  process  and 
economies  of  scale.  On  the  other  hand, 
if  you  are  trying  to  prevent  a  question¬ 
able  million-dollar  investment,  it’s 
worth  digging  in  your  heels  until 
somebody  puts  forth  the  effort 
required  to  make  the  investment  pay. 

CIOs  have  a  fiduciary  responsibility 
to  ensure  that  value  is  realized  from 
their  company’s  IT  investments.  They 
are  able  to  fulfill  that  responsibility 
through  the  provision  of  value-added 
services  supported  by  a  set  of  rules— 
that  is,  policies,  processes  and 
accountabilities.  By  defining  these 
rules  correctly,  you  can  perfect  that 
highest  skill  of  parenting:  making  no 
sound  a  whole  lot  more  like  yes.  BE] 


Susan  H.  Cramm,  former  CIO  and  vice  president 
of  IT  at  Taco  Bell  and  former  CFO  and  executive 
vice  president  at  Chevys,  is  president  of 
Valuedance,  an  executive  coaching  firm  based 
in  San  Clemente,  Calif. 


Reader  Q&A 

How  to  Raise  Good 
IT  Citizens 

Susan  H.  Cramm  answers  your  questions  on  “IT  Parenting  ” 


Q:  Most  CIOs  try  to  get  consensus, 
but  that  works  only  so  well.  What  are 
your  thoughts  on  being  a  consensus 
person  versus  a  benevolent  dictator? 
A:  In  IT  parenting,  it  is  your  job  to  set 
boundaries— to  act  as  a  benevolent 
dictator,  if  you  will— when  the  inter¬ 
ests  of  the  individual  (or  business  unit 
or  function)  are  not  aligned  with  those 
of  the  enterprise.  The  parameters  that 
CIOs  should  set  include  strategy, 
investment  policies  and  decision¬ 
making  authority,  standards  and  archi¬ 
tecture,  security  and  privacy,  business 
continuity,  HR  standards,  develop¬ 
ment  methodologies  and  tools,  and 
economies  of  scale.  Dictate  on  the 
“how  to  do  IT  right”  issues  and  leave 
the  decisions  on  what  the  company 
should  invest  in  and  why  to  your 
business  partners. 

Q:  Interesting  thoughts.  And  here  I 
was  telling  my  staff  that  I  expected 
them  to  act  like  adults  because  I 
already  had  children  at  home! 

A:  Don’t  change  your  message.  Your 
staff  should  assume  their  role  as 
coparent  and  not  make  your  life  more 
difficult  than  it  already  is  by  “arguing  in 
front  of  the  children.”  A  classic  exam¬ 
ple  is  the  IT  account  representative  or 
project  manager  who  does  not  support 
the  company’s  architectural  directions 
and  standards,  and  shares  his  dis¬ 
agreements  with  the  business  client. 

Q:  What  cost  justification  models  do 
you  recommend  to  the  business?  It 


seems  most  financial  models  used  for 
capital  investment  are  weak  in 
quantifying  soft  benefits,  such  as 
improved  quality,  reduced  rework  or 
customer  satisfaction. 

A:  Just  because  soft  benefits  can’t  be 
translated  into  dollars  does  not  mean 
that  they  cannot  be  quantified  in 
what  I  call  operational  measure¬ 
ments.  All  the  benefits  you  list  can  be 
measured.  A  great  business  sponsor 
is  someone  willing  to  commit  to 
specific  improvements  based  on  his 
understanding  of  the  processes  that 
transform  performance. 

Q:  Do  you  have  a  template  for  a 
project  discovery  phase? 

A:  The  client  I  referred  to  prepares  a 
business  case  for  submission  to  the 
governance  council.  The  business 
case  reviews  the  purpose  of  the 
project,  strategic  alignment,  financial 
and  operational  justifications,  risk 
dimensions,  sponsorship,  timing  and 
required  resources. 

Q:  How  can  an  IT  leader  show  he  has 
the  business  moxie  to  shape  this  IT 
parenting  relationship  successfully? 

A:  The  best  way  for  IT  leaders  to  show 
that  they  have  business  acumen  is  for 
them  to  perform  successfully  in 
executive-level  roles  outside  of  IT. 
Short  of  that,  make  sure  you  deliver 
on  your  commitments  (both  on 
projects  and  operations),  ask  great 
questions,  and  be  someone  with  whom 
people  enjoy  doing  business.  BQ 


140  CIO  JUNE  15,  2002  •  www.cio.com 


THE  FOURTH  ANNUAL 


v 


ANNUAL  SYMPOSIUM  &  AWARDS 


Leadership  and  Innovation  for  the  Future  of  the  Integrated  Enterprise 


Join  your  CIO  peers  and  industry  experts  as  we... 

•  Explore  how  integration  creates  competitive  advantage 

•  Redefine  leadership  -  and  the  role  of  IT  -  in  the  next  business  epoch 

•  Targetthe  emergingtechnologies  that  will  change  your  business 

•  Share  lessons  learned  and  best  practices 


Partners 

Acxiom  Corporation 
EDS 

Hewlett-Packard 
Novell,  Inc. 

PeopleSoft,  Inc. 

Sterling  Commerce,  Inc, 
SupportSoft,  Inc. 


This  year's  CIO  100  Awards 
Ceremony  is  proudly 
underwritten  by 

PeopleSoft. 


SUNDAY,  AUGUST  18 

8:00  AM  -  1:30  PM 

Golf  Tournament 

Tee  up  with  CIO  and  our  Corporate 
Partners  on  The  Broadmoor’s  West 
Course,  designed  by  Robert  Trent 
Jones,  and  known  for  its  challenging, 
steeply-angled  greens. 

3:00  PM  -  5:00  PM 

Registration 

6:00  PM  -  7:30  PM 

Cafe  100  Reception 

Meet  and  network  with  other  partici¬ 
pants,  Award  honorees  and 
Symposium  Partners  in  our  informal 
networking  environment. 

MONDAY,  AUGUST  19: 

Today’s  Challenges 

7:00  AM  -  8:00  AM 

Registration  &  Breakfast 

8:00  AM  -  8:15  AM 

Conference  Welcome 

ABBIE  LUNDBERG 
Editor  in  Chief, 

CIO  Magazine 

8:15  AM  -  9:00  AM 

Future  Forewarned 

PAUL  SAFFO, 

Conference  Moderator 
Director  and  Roy  Amara  Fellow, 
Institute  for  the  Future 
What  business  and  technology  devel¬ 
opments  will  have  the  most  impact 
on  CIOs  in  the  year  to  come?  Saffo 
shares  his  choices  and  why  he  thinks 
these  are  the  key  ones  to  look  out  for. 


SYMPOSIUM 


■  COLORADO  SPRINGS, 


COLORADO 


n  n  o 


9:00  AM  -  9:45  AM 

Achieving  Global  Integration  at 
GM 

CHERRI  MUSSER 
CIO  -  Supply  Chain, 
eGM,  Onstar  Information 
Systems  &  Services 


studies  and  sessions  on  deploying 
the  latest  technologies  and  services 

1:15  PM  -  2:45  PM 

Working  Luncheon:  Special 
Presentation  on  Security  and 
Privacy 


9:45  AM  -  10:15  AM 


Innovation,  Leadership 
Integration 

CRAIG  CONWAY 
CEO,  PeopleSoft,  Inc. 

10:15  AM  -  10:45  AM 


and 


This  session  is  produced  in  coopera¬ 
tion  with  the  National  Critical 
Infrastructure  Assurance  Office 
(CIAO)  in  the  US  Department  of 
Commerce. 

2:45  PM -4:00  PM 

Privacy,  the  Law  and  CIOs 


Mid-Morning  Break 

10:45  AM  -  11:30  AM 

Supply  Chain  Lessons  Learned 
from  the  High-Tech  Implosion 

BUD  MATHAISEL 

Corporate  Vice  President  &  CIO, 

Solectron 

Inventory  write-offs  have  been  in  the 
billions  of  dollars.  This  has  been  a 
financial  problem  for  high-tech  com¬ 
panies,  and  a  particular  embarrass¬ 
ment  for  those  companies  with 
vaunted  Internet  connections  to  their 
suppliers  and  customers.  What  went 
wrong?  Was  it  the  systems,  process¬ 
es,  people  or  incentives  that  failed? 
Does  a  risk-based  approach  towards 
supply  chain  management  have 
potential?  Mathaisel  presents  his 
perspective  and  a  framework  for 
helping  to  prevent  the  reoccurrence 
of  this  expensive  set  of  mistakes. 


CHRIS  HOOFNAGLE 
Legislative  Counsel, 

Electronic  Privacy 
Information  Center 
Like  it  or  not,  as  a  CIO 
you  will  be  highly  involved 
in  your  organization’s  electronic 
privacy  policies  —  and  their  legal 
ramifications.  We  look  at  current  and 
proposed  legislation  that  will  have 
major  impact  on  CIOs,  their 
corporate  officers,  customers  and 
employees. 


I 


i 


4:00  PM  -  5:30  PM  1 

CIO  Executive  Mindshares  t 

Small  working  groups  explore  the 
leadership  challenges  and  best  prac-  , 

tices  of  specific,  critical  IT/business 
topics.  Members  share  experiences, 
lessons  learned,  mistakes  and  suc¬ 
cesses,  and  new  ideas  for  tackling 
common  problems.  Session  participa-  '  ' 
tion  is  limited  to  CIOs  and  senior  IT 
executives. 


11:40  AM  -  1:15  PM 

Industry  Briefings 

Our  corporate  partners  present  case 


To  enroll  or  for  more  information,  call  800  355-0246,  fax  the  form 
to  508  879-7720,  or  visit  our  Web  site  at  www.cio.com/conferences 


AWARDS 


CEREMONY 


a  t  i  o  n  ■  I  n  t 


6:00  PM  -  7:00  PM 

Cafe  100  Reception 

Catch  up  with  our  Symposium 
Partners  and  other  participants  in 
our  informal  networking  lounge. 
Develop  relationships  with  peers 
who  will  serve  as  sources  of  infor¬ 
mation  and  inspiration. 

TUESDAY,  AUGUST  20: 

Tomorrow’s 

Opportunities 

. 

7:00  AM  -  8:00  AM 
Breakfast  &  Informal 
Roundtable  Discussions 

Gather  with  CIO  magazine  editors 
and  fellow  attendees  to  discuss 
j  common  problems  and  possible 
I  solutions.  Each  table  has  a  specific 
topic;  choose  one  and  join  in. 

8:00  AM  -  8:15  AM 

Welcome 

PAULSAFFO 

8:15  AM  -  9:15  AM 
The  Information  Revolution: 
Why  This  is  Just  the  End  of 
the  Beginning 

W.  BRIAN  ARTHUR 
Citibank  Professor, 

Santa  Fe  Institute 
According  to  history,  in 
the  first  stage  of  a  technology  revo¬ 
lution,  a  period  of  speculation  is  fol¬ 
lowed  by  a  crash.  But  we  can  expect 
more  real  innovation  to  come  in  the 
great  build-out  that  follows,  this 
time  driven  by  the  interconnection 
of  business  and  the  appearance  of 
Web-based  services. 


9:15  AM  -  10:15  AM 

The  Future  of  Technology  in 

Business,  Part  I 

While  the  pace  of  innovation  and 
change  in  the  tech  sector  has 
slowed  dramatically,  the  real  build¬ 
out  —  and  the  real  transformation 
of  business  —  is  yet  to  come.  New 
developments  like  the  semantic 
web,  virtual  reality  modeling  lan¬ 
guage  (VRML),  wireless  everywhere, 
cutting-edge  security  tools  and  tech¬ 
niques,  and  the  ability  of  organiza¬ 
tions  to  store  and  manage  over  a 
petabyte  of  information  will  make 
things  possible  that  only  the  futur¬ 
ists  dreamed  about  before.  This 
panel  of  leading  technologists 
explores  some  of  these  critical 
areas. 

10:15  AM  -  10:45  AM 

The  Future  of  Techonology  in 
Business,  Part  II 

The  morning’s  speakers  gather  for 
an  interactive  discussion  about 
where  these  developments  will  lead 
today's  organizations. 

10:45  AM  -  11:15  AM 

Mid-Morning  Break 

11:15  AM  -  12:55  PM 

Industry  Briefings 

1:00  PM  -  2:15  PM 

Networking  Luncheon 

Savor  lunch  and  the  beautiful  view 
from  the  Lakeside  Terrace  while 
you  extend  your  peer  network. 


2:30  PM  -  3:30  PM 
Leading  in  the  Next 
Business/IT  Epoch 
Moderator: 

ABBIE  LUNDBERG 
Editor  in  Chief, 

CIO  Magazine 
Panelists: 

ROB  CARTER 
CIO  &  Executive  Vice 
President,  FedEx 
Corporation 
JERI  DUNN 
CIO,  Nestle  USA,  Inc. 

REBECCA  RHOADS 
CIO,  Raytheon  Compar 
IT  is  more  exposed  to, 
and  embedded  in,  the 
business  than  ever  before.  As  we 
emerge  from  the  recession,  what 
will  be  the  next  IT  epoch,  and  how 
will  CIOs  best  lead  their  organiza¬ 
tions  into  it?  This  roundtable  of  CIO 
100  Honorees  discusses  our  current 
state  of  evolution,  where  we’re 
heading  and  the  requirements  of 
the  IT  leadership  role,  including 
shifting  accountability,  governance 
and  organization  models,  the  chal¬ 
lenge  of  ROI,  and  transformation  vs. 
enablement. 


3:30  PM  -  4:15  PM 

Closing  Keynote 

MICHAEL  SCHRAGE 
Inventor,  Columnist  and  Author  of 
"Serious  Play:  How  the  World's 
Best  Companies  Simulate  to 
Innovate" 

4:15  PM  -  4:30  PM 

Closing  Comments 

PAUL  SAFFO  &  ABBIE  LUNDBERG 

4:30  PM  -  6:30  PM 

Free  Time/Informal 
Networking 

6:30  PM  -  7:00  PM 

CIO  100  Awards  Reception 

Put  on  the  evening  wear  for  our 
special  black  tie  reception,  followed 
by  dinner  and  the  awards  ceremony 
to  recognize  this  year’s  CIO  100 
Award  Honorees. 

7:00  PM  -  9:30  PM 

CIO  100  Awards  Dinner  and 
Ceremony 

9:30  PM  -  11:00  PM 

Dessert  Reception 
Hosted  by  CIO  100  Awards 
Ceremony  Underwriter, 
PeopleSoft,  Inc. 

Cap  off  the  evening  with  a  special 
post-awards  reception. 


The  Broadmoor 

The  Broadmoor  Located  in 
Colorado  Springs  at  the  foot  of  the 
Rockies,  The  Broadmoor  provides 
an  environment  of  unparalleled 
beauty  and  luxury  surrounded  by 
the  mountains  and  centered  by 
Cheyenne  Lake. 

Altitude  Caution:  For  your  safety  and  comfort, 
please  be  aware  that  The  Broadmoor  is  just  over 
6000  ft.  above  sea  level. 


CIO  100  SYMPOSIUM  &  AWARDS 
AUGUST  18-20,  2002 
THE  BROADMOOR 
COLORADO  SPRINGS,  COLORADO 

ENROLLMENT  APPLICATION 


□  I  won’t  be  able  to  attend,  but  please  keep  me  updated  on  future 
CIO  events. 


NAME 

TITLE 

COMPANY 

ADDRESS 

MAIL  STOP 

TELEPHONE 

FAX 

CITY,  STATE,  ZIP 

X 

E-MAIL  ADDRESS 

WEBSITE  URL 

NAME  AS  YOU  WANT  IT  TO  APPEAR  ON  YOUR  BADGE 


□  I  will  be  attending  the  Awards  Ceremony  Dinner  on  Tuesday 
evening. 

□  I  will  bring  a  companion  at  the  cost  of  $375.  (Please  note: 
Companion  Program  details  under  enrollment  fees) 


NAME  OF  MY  COMPANION 

□  My  companion  will  attend  the  USAFA  Garden  of  the  Gods  tour 
Monday  Morning. 

□  My  companion  will  be  attending  the  Awards  Ceremony  Dinner  on 
Tuesday  evening. 

WHAT  IS... 


If  this  is  your  first  CIO  event, 
your  business  card  is  required 
to  process  your  registration. 


4ROBJN2 

ENROLLMENT  FEES 

□  IS  Practitioner/Executive 

$1,895  if  registered  by  June  28,  2002 
$2,195  after  June  28 

Please  make  your  hotel  reservations  immediately  by  calling  CIO 
Conference  Housing  at  800  514-7639.  To  receive  the  discounted  rate, 
please  mention  you  are  attending  CIO  100  when  making  your  reservations. 
Be  sure  to  guarantee  your  room  with  a  credit  card,  as  all  unreserved  or 
unguaranteed  rooms  will  be  released  on  July  5,  2002.  Hotel  reservations, 
cancellations  and  charges  are  your  responsibility.  If  a  Symposium 
Enrollment  Form  is  not  received  within  48  hours  of  making  your  hotel 
reservation,  your  room  will  be  released  from  the  CIO  100  room  block. 

□  US  Federal  Government/Military 

$2,195  if  registered  by  June  28,  2002 
$2,495  after  June  28 

This  fee  includes  your  hotel  for  three  nights.  CXO  will  make  your  hotel 
reservations  for  arrival  Sunday,  August  18  and  departure  Wednesday, 

August  21.  Additional  hotel  reservations  are  your  responsibility. 

□  Companion  Program  $375 

This  fee  includes  all  scheduled  meals,  receptions  and  entertainment, 
planned  companion  activities  and  the  CIO  100  Dinner  &  Awards  Ceremony. 
Companions  are  not  eligible  to  participate  in  the  golf  tournament  or 
Symposium  sessions.  Companions  must  be  enrolled  in  this  program  to 
attend  any  Symposium  function. 

□  Sales/Marketing/Consulting  $10,000 

This  fee  applies  if  you  hold  a  sales,  marketing,  business  development  or 
consulting  position,  including  executive  management  of  IT  vendor  and  con¬ 
sulting  companies.  This  enrollment  fee  is  payable  by  company  check  only 
and  does  not  include  three  nights  hotel.  CXO  will  make  the  final  determi¬ 
nation  of  this  category. 

PAYMENT 

□  Check  enclosed.  Mail  to: 

Executive  Programs,  CXO  Media  Inc.,  P3620,  Boston,  MA  02241-3620 

□  P.0.  # _ 

□  MC  □  Visa  □  AmEx 


ACCT.  #  EXP. 


SIGNATURE 


YOUR  PRIMARY  INDUSTRY? 


YOUR  ORGANIZATION'S  ANNUAL  REVENUES  OR  ASSETS? 


YOUR  ANNUAL  IT  BUDGET? 


All  fees  must  be  paid  prior  to  the  Symposium,  and  all  cancellations  and 
changes  must  be  made  in  writing.  Transportation,  hotel  and  recreation  are 
your  responsibility.  You  may  cancel  your  Symposium  attendance  up  to  July 
19,  2002  without  penalty.  A  $900  administration  fee  will  be  imposed  for 
cancellations  received  between  July  20  -  August  2,  2002.  No  refund  or 
credit  will  be  given  for  cancellations  received  on  or  after  August  2,  2002 
or  for  no-shows.  CXO  reserves  the  right  to  limit  attendance  to  practitioners 
and  Partner  organizations. 


To  enroll  or  for  more  information,  call  800  355-0246,  fax  this  enrollment  form  to  508  879-7720,  or  visit  our  Web  site  at 

www.cio.com/conferences 


Sales  and  Services 

CIO  SALES  OFFICES 

President  &  CEO 

Joseph  L.  Levy  •  508  935-4601 
Publisher  Gary  J.  Beach  •  508  935-4202 

Executive  VP  Sales/Custom  Publishing 

Ellen  Romanow  •  508  935-4796 

Sales  Operations  Associate  Kim  Harris 

East  Coast 

Senior  VP  Sales/East 

Michael  J.  Masters  •  973  244-4024 

Senior  Regional  Mgr./Advertising  Sales 

Kathy  Powers  •  973  244-4041 

Regional  Sales  Manager 

Ellie  Schwab  •  973  244-4042 

Account  Executives 

Joan  Bonadeo  •  973  244-4043 

Gale  Tedeschi  •  973  244-4031 

Office  Mgr.  Marlene  Levis  •  973  244-4033 

Sales  Asst.  Lin  Viggiano  •  973  244-4035 

Administrative  Assistant 

Sharon  Harrison  •  973  244-4037 

New  England 

Senior  Regional  Manager/Advertising  Sales 

Len  Ganz  •  508  935-4039 

Senior  Advertising  Sales  Associate 

Dawn  Cora  -  508  935-4092, 

Fax  508  879-6063 

Mid-Atlantic 

Senior  Regional  Manager/ Advertising  Sales 


Louise  Cupelli  •  215  627-8114 
Account  Executive 
Maureen  Welsh  •  215  627-8114 

South  Central 

Regional  Director/Advertising  Sales 

Robert  E.  Sawdon  •  512  306-9801 

Advertising  Sales  Associate 

Brenda  Garza  •  512  306-9801, 

Fax  512  306-9805 

North  Central 

Senior  Regional  Manager/ Advertising  Sales 

Keith  H,  Kenner  •  847  441-5005, 

Fax  847  441-5150 

Account  Executive 

Beth  Carlson  •  847  441-3140 

Advertising  Sales  Associate 

Kim  Giovanni  •  847  441-5005 

West  Coast 

VP  Sales/West 

Cheri  McKeithan  •  415  975-2685 

Regional  Manager/ Advertising  Sales 

Ai  Collins -415  975-2686 
District  Manager 
Kristin  Nystrom  •  415  975-2687 
Account  Executives 

Jeff  Odell  -  415  975-2682 
Sarajane  Robinson-Retondo  • 

415  975-2693 

Senior  Advertising  Sales  Associate 

Derek  Jung  •  415  975-2683 

Advertising  Sales  Associates 

Chris  DaRosa  •  415  975-2688 
Anna  Limon  •  415  975-2694 

Southern  California 

Regional  Sales  Manager  Chris  Hempel  • 

949  475-5579,  Fax  949  475-5583 


Account  Executive  Chris  Bramel  • 

949  475-5579,  Fax  949  475-5583 

Sales  Associate  Isaac  Ugay  •  949  475-5579, 

Fax  949  475-5583 

NEW  BUSINESS  DEVELOPMENT 

VP.  Business  Development 

Cheryl  M.  Hardy  •  202  625-8342 

Coordinator,  Business  Development 

Kelly  Gabe- 202  625-8343 

LIST  SERVICES 

List  Services  Director 

Kathryn  A.W.  Marston  •  508  935-4072 

List  Services  Account  Executive 

Stephanie  Roy  •  508  935-4151 

List  Services  Coordinator 

Kim  Cormican  •  508  935-4152 

ONLINE  SERVICES 

VP/Online  Sales 

Lisa  Brown  •  508  935-4470 
Online  Sales  Mgr. 

Michael  McPhee  •  508  935-4611 

CUSTOM  PUBLISHING 

Group  Director  Michael  Siggins 
Director  Mary  Gregory 

Director  of  Content  Development  Tom  Field 
Project  Managers  Lisa  Chaffin  (Senior), 
Sally  Ellison 

Graphic  Designer  Chris  Brown 

REPRINT  SERVICES 

For  article  reprints,  please  contact 
Reprint  Services  at  651 582-3800  or 
e-mail  cioreprints@reprintservices.com. 

For  further  sales  information,  visit 
www.cio.com/marketing/salesoffices.html 


Index  of 
Companies 
and  Advertisers 

Page  numbers  refer  to  the  first 
page  of  the  article(s)  in  which  the 
company  is  mentioned.  This  index 
is  provided  as  a  service  to  readers. 
The  publisher  does  not  assume 
any  liability  for  errors  or  omis¬ 


sions. 

COMPANY  INDEX 

9X  Media  Inc . 120 

Aberdeen  Group  Inc . 60 

Ace  Hardware  Corp . 132 

Aetna  inc . 88 

AltaVista  Co . 132 

AMR  Research  Inc . 60, 120 

Attachmate  Corp . 120 

BorgWarner  Inc . 60 

Cablevision  Systems  Corp,  . .  132 

Celanese  AG . 60 

Children's  Hospital  Boston  . .  120 

Cigna  Corp . 88 

CMGI  Inc . 132 

Computer  Sciences  Corp . 66 

DaimlerChrysler . 96 

Definity  Health  . 88 

Deloitte  Touche  Tohmatsu  ...  52 

Destiny  Health  Inc . 88 

Discovery  Health . 88 


EDS  Corp . 88 

eXcelon  Corp . 132 

Forrester  Research  Inc . 132 

Holcomb,  Archer,  Heber 
&  Tyler  Commerce  Inc . 60 

HostBridge  Technology . 120 

Humana  Inc . 88 

Hurwitz  Group . 120 

IBM  Corp . 120 

InteliHealth  Inc . 88 

International  Data  Corp . 120 

ISC2  Inc . 52 

Jacada  Ltd . 120 

John  J.  Davis  &  Associates 
Inc . 24 

J.P.  Morgan  Chase  &  Co . 52 

KeyCorp . 60 

Korn/Ferry  International . 24 

Lockheed  Martin  Corp . 52 

Lycos  Inc . 132 

Medem  Inc . 24 

Microsoft  Corp . 76 

Oracle  Corp . 88, 132 

Outsourcing  Institute,  The  ...  66 

Panasonic  Industrial  Co . 60 

PricewaterhouseCoopers  ....  52 

Prudential  Financial  Inc . 120 

Relativity  Technologies  . 120 

Sapient  Corp . 24 

Securities  Industry  Automation 
Corp . 24 

Sigma-Aldridge . 60 


Staples  Inc . 52 

Sun  Microsystems  Inc . 88 

Taylor  Nelson  Sofres 
Intersearch  Corp . 24 

TeaLeaf  Technology  Inc . 120 

Textron  Inc . 88 

Tivoli  Systems  Inc . 48 

TowerRecords.com  . 120 

Ubid  Inc . 132 

UnitedHealth  Group  Inc . 88 

Vignette  Corp . 48 

Visa  USA . 52 

World  Wide  Retail 
Exchange  LLC . 52 


ADVERTISER  INDEX 

American  Power  Conversion  .  .  95 


AppGate  . 17 

Canon . 27,  73 

Cisco  Systems  Inc . 74,  75 

Cognos  Inc . 13 

Compaq  Computer  Corp.  21, 133 

Computer  Associates 
Inti.  Inc . C4,  5, 119 

Connected  Corp . 39 

Crystal  Decisions  . 29 

CXO  Media 

Inc . 35,  87, 115, 118, 141 

Datacore  Software . 121 

DataMirror  Corp . 37 

Diversified  Software  . 55 

Fujitsu  PC  Corp . 6 


Hewlett-Packard  . 46 

IBM  Corp . 2,  43, 131 

Infosys . 135 

Kronos  Inc . 93 

Lakeview  Technology  . C3 

Lockheed  Martin . 137 

Microsoft  Corp . 30,  51 

Nextel  Communications  Inc.  .  127 

Nortel  Networks  . 79 

Novell  Inc . 117 

Oracle  Corp . 9 

Palm  Inc . 22 

Peerstone  Research . 139 

Pegasystems  Inc . 57 

Quantum  Corp . 71 

Qwest  Communications  ....  123 
Rockwell  FirstPoint  Contact  .  .  59 

salesforce.com  . 25 

SAP  . 40 

Spherion . 97 

Sprint . 63,  65 

Sterling  Commerce . 69 

Sun  Microsystems  Inc . 10 

Sybase  Inc . 45 

Symantec  Corp . 19 

TEKsystems . 125 

Trend  Micro  Devices . C2 

US  Postal  Service . 49 

Veritas  Software  . 81 

Vignette . 14 

Xerox  Corp . 129 


www.cio.com 


CIO  IS  PUBLISHED  IN  THE 
UNITED  STATES  AS  WELL  AS  IN: 

Australia,  CIO  Australia  www.idg.com.au 
Canada,  CIO  Canada  www.lti.on. ca/cio 
China,  CEO  &  CIO  China 
www.  ceocio.  com.cn 
India,  CIO  India  91-80-521-0309/12 
Japan,  CIO  Japan  www.idg.co.jp 
Korea,  CIO  Korea  www.cio.seoul.kr 
Poland,  CXO  Poland  www.cxo.pl 
New  Zealand,  CIO  New  Zealand 
www.idg.co.nz 

Singapore,  CIO  ACEN/Hong-Kong 
www.idg.com.sg 


CIO  Contact 
Information 

Editorial,  Advertising  and  Business 
Offices:  492  Old  Connecticut  Path, 
P.O.  Box  9208,  Framingham,  MA 
01701-9208,  508  872-0080. 

CIO  (ISSN  0894-9301)  is  published 
semimonthly  and  as  a  combined  issue 
December  15/January  1  by  CXO  Media 
Inc.,  492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA  01701- 
9208.  Periodicals  postage  paid  at 
Framingham,  MA,  and  at  additional 
mailing  offices.  Canada  Publications 
Mail  Agreement  Number  1902075. 
CANADIAN  POSTMASTER:  Please 
return  undeliverable  copy  to  P.O.  Box 
1632,  Windsor,  ON  N9A  7C9. 

Permissions:  Copyright  2002  by  CXO 
Media  Inc.  All  rights  reserved.  Repro¬ 
duction  of  material  appearing  in  CIO 
is  forbidden  without  written  permis¬ 
sion.  Send  all  requests  to  Permissions 
Department,  CIO,  492  Old  Connect¬ 
icut  Path,  P.O.  Box  9208,  Framing¬ 
ham,  MA  01701-9208. 

Photocopy  Rights:  Permission  to 
photocopy  for  internal  or  personal 
use  or  the  internal  or  personal  use  of 
specific  clients  is  granted  by  CIO  for 
users  through  the  Copyright  Clear¬ 
ance  Center,  provided  that  the  base 
fee  of  $3  per  copy  of  the  article,  plus 
$.50  per  page  is  paid  directly  to 
Copyright  Clearance  Center,  27 
Congress  Street,  Salem,  MA  01970. 
Please  specify:  ISSN  0894-9301. 
Permission  to  photocopy  does  not 
extend  to  contributed  articles 
followed  by  this  symbol:  J. 

Subscriptions:  Address  inquiries  to 
C/O,  492  Old  Connecticut  Path,  P.O. 
Box  9208,  Framingham,  MA  01701- 
9208;  800  788-4605.  CIO  is  free  to 
qualified  information  executives.  To 
all  others  the  one-year  basic  rate  is 
$94  for  the  United  States  and 
Canada,  $175  to  foreign  countries 
(payable  in  U.S.  funds  only).  The 
single  copy  price  is  $9.  Please  allow 
four  to  six  weeks  for  new  subscrip¬ 
tions  to  begin. 

Change  of  Address:  Please  fax  a  copy 
of  current  subscription  label  along 
with  new  address  to  508  879-7899. 
Allow  four  to  six  weeks  for  change  to 
take  effect. 

Postmaster:  Send  change  of  address 
to  CIO,  P.O.  Box  489.  Northbrook,  IL 
60065-9816.  Printed  in  the  U.S.A. 


•  JUNE  15.  2002  CIO  14  5 


EXECUTIVE 


June  15,  2002 


Cover  Story 

B2B  Partner  Security 

By  Eric  Berkman  I  52 

The  security  of  B2B  e-commerce 

partners — suppliers  and  customers 
that  trade  with  companies  over  the 
Web  or  through  dedicated  connections  or 
exchanges — should  not  be  taken  for  granted. 
CIOs  who  want  to  maximize  transactions 
with  existing  partners  and  recruit  new  ones 
(or  avoid  liability)  need  to  account  for  the 
security  of  those  partners.  More  and  more 
CIOs  are  suggesting,  even  imposing, 
expected  security  practices  that  include 
access  controls,  encryption,  access  to 
response  plans,  employee  background 
checks,  incident  notification  and  audit 
compliance.  Cautious  companies  are 
building  security  requirements  into  contracts 
with  B2B  partners,  including  clauses  that 
indemnify  them  from  damages  caused  by  the 
partner’s  security  lapse.  While  a  tough 
customer  like  Visa  can  impose  its  standards 
on  partner  banks  and  merchants,  most 
companies  must  coax  partners  into  adopting 
sometimes  costly  security  practices.  J.P 
Morgan  Treasury  Service  will  pay  for  a 
partner’s  extra  server  if  that’s  what  it  takes  to 
achieve  a  safer  system.  Others  suggest  a 
matching  fund,  where  a  company  offers  to 
kick  in  a  dollar  for  every  dollar  its  partner 
spends  complying  with  the  requirements. 


“The  security  of  your 
B2B  partner  is  as 
important  as  its 
creditworthiness.” 

-PAUL  GAFFNEY,  CIO,  STAPLES 


B2B  Partner  Recruitment  By  Meridith  Levinson  160 

COMPANIES  ARE  LEAVING  millions  of  dollars  on  the  table  because  few  have  yet  to  sign  up 
second-  and  third-tier  trading  partners  for  B2B  e-commerce.  More  than  60  percent  of  suppliers  in  all 
industries  continue  to  receive  orders  via  fax  or  e-mail;  only  4.5  percent  of  all  purchasing  dollars  are 
transacted  through  B2B.  Companies  must  actively  recruit  more  partners.  Panasonic  compares  online 
transaction  costs  with  those  of  manual  methods,  letting  the  money  to  be  made  (and  saved)  do  the 
talking  when  it  tries  to  sign  up  its  partners’  senior  executives.  Celanese  Chemicals  wins  over  frontline 
end  users  by  showing  how  B2B  will  make  their  job  better  rather  than  obsolete.  For  ongoing  online 
support,  Sigma-Aldrich  uses  software  to  take  control  of  the  partner’s  browser  and  guide  it  through 
e-commerce  processes.  Such  hand-holding  costs  money,  but  the  payoff  is  worth  it. 

Public  Sector  Outsourcing  Failure  By  Tom  Field  i  66 

SAN  DIEGO  COUNTY’S  $644  million  outsourcing  pact  with  a  vendor  consortium  was  said  to 
be  the  first  wave  of  a  flood  of  new  public  sector  outsourcing  deals.  But  today,  the  San  Diego  deal  is 
a  mess,  with  the  parties  embroiled  in  a  bitter  dispute  over  cost,  service  levels  and  a  late  ERP  rollout. 
Elsewhere,  across-the-board  outsourcing  of  state  and  local  government  hasn’t  got  off  the  ground — 
and  it  probably  never  will.  The  scope  of  the  work  is  a  major  problem:  Municipalities  and  states  are 
so  far  behind  in  IT  investment  that  once  projects  are  under  way,  vendors  find  themselves  spending 
more  than  expected.  San  Diego’s  consortium  has  already  exceeded  its  projected  investments  by  about 
$10  million  and  300  people.  Union  resistance  and  publicity  add  to  the  intractability  of  outsourcing 
efforts.  CIOs  who  remain  committed  to  outsourcing  are  trying  different  tacks,  such  as  breaking  out 
smaller  pieces  of  their  processes  or  outsourcing  individual  projects. 


Interview:  Richard  Clarke  and  Howard  Schmidt  By  Sarah  d.  Scaiet  176 
THE  CRITICAL  INFRASTRUCTURE  PROTECTION  BOARD,  now  part  of  the  Office  of 
Homeland  Defense,  is  overseen  by  Chairman  Richard  Clarke  and  Vice  Chairman  Howard  Schmidt. 
Part  of  their  mission  is  to  convince  the  private  sector  to  cooperate  with  the  feds,  which  they  hope 
to  accomplish  through  volunteerism  rather  than  regulation  by  making  it  clear  to  companies  that 
reporting  and  preventing  information  security  attacks  is  in  their  own  best  financial  interest.  They 
favor  a  proposed  law  to  allow  exemptions  to  the  Freedom  of  Information  Act  to  encourage  publicity- 
leery  companies  to  report  incidents.  They  point  to  the  president’s  proposal  that  8  percent  of  the  next 
federal  IT  budget  go  toward  cyberdefense  as  an  example  to  CFOs  to  step  up  the  spending.  And  they 
will  push  federal  procurement  policies  to  favor  technology  products  deemed  secure. 


CRM  Transforms  Health  Insurance  By  Scott  Berinato  188 

CIOS  AT  INSURERS  are  using  Web-enabled  CRM  software  that  profiles  individuals’  medical 
spending  needs  and  then  suggests  a  health  plan  that  best  fits  those  needs.  The  software  also  estimates 
the  cost  of  the  plan,  which  consumers  pay  for  out  of  an  annual  savings  allowance  instead  of  having 
the  premium  deducted  from  their  paychecks.  Theoretically,  the  model  will  make  patients  better 
consumers  as  they  try  to  get  the  best  care  for  their  dollar.  At  the  same  time,  it  will  reduce  cost  for 
employers  and  insurers.  Most  of  the  largest  health  insurers,  including  Aetna,  Cigna  and  Humana, 
have  either  rolled  out  a  version  of  these  customized  plans  or  expect  to  do  so  this  year.  Because  this 
new  insurance  model  relies  so  heavily  on  IT  (customization  engines,  Web  tools  and  integration),  the 
CIO  is  front  and  center — and  has  to  deal  with  profound  ethical  issues.  Critics  of  the  new  model 
charge  that  the  plans  will  shift  medical  care  costs  to  the  sick  and  the  poor. 


146  CIO  JUNE  15,  2002  •  www.cio.com 


^  No-exceptions  24x7  customer  service. . 


Headquarters:  Lansing,  Michigan 
Subsidiary  of  $4.5  billion  Republic  Bancorp  Inc. 

Employees:  1,338  . 

I  04  offices 

350,000  customers  throughout  Midwest 

Platform:  Clustered  IBM  eServer  iSeries  Your  roadmap  for 

Key  application:  ClusterProven  SilverLake  Continuous  Availability  of 

from  Jack  Henry  computing  systems  starts 

Managed  Availability  solution:  with  this  FREE  White  Paper. 

MIMIX  from  Lakeview Technology  Getyoursatwww.MIMIX.com 


makes  it 
possible. 


REPUBLIC  BANK 
World’s  First 
IBM®  eServer 
iSeries™  Cluster 
with 

ClusterProven w 
Application 


“The  traditional  banking 
services  of  the  past  half- 
century  have  evolved 
into  round-the-clock 
conveniences.  And  there's 
simply  no  window  for 
system  downtime. 


That's  why  we  depend  on  the  power  of  MIMIX. 


Anybody  can  talk  about  customer  service,  but 
delivery  is  another  matter.  And  MIMIX  really 
helps  us  deliver.  MIMIX  is  tightly  knit  into  our 
iSeries  cluster  featuring  Jack  Henry's  SilverLake 
System®  application.  Hardware  maintenance  and 
full  system  saves  used  to  interrupt  ATM  activity, 
telephone  banking  and  Internet  banking  for  hours. 
But,  with  MIMIX,  system  maintenance  is  done  in 
the  background  with  virtually  no  service  disruptions. 

Achieving  Continuous  Availability  through  an 
iSeries  cluster  was  one  of  the  most  beneficial  things 
we've  ever  done.  And,  without  a  doubt,  MIMIX 
made  it  possible.  ^ 


MiMiX 


It’s  All  About  Availability. 

SOFTWARE.  SERVICES.  SUPPORT  . .for  iSeries 


www.MIMIX.com 


SOME  DAY 

TOMORROW 

EVENTUALLY 

THREE  OF  THE  WORST  TIMES  TO  START  PLANNING 
YOUR  BUSINESS  CONTINUANCE. 

Business  Continuity  Solutions 

Nothing  gives  you  more  peace  of  mind  than  knowing  your 
business  is  already  prepared  to  handle  anything.  To  find  out  how 
ready  you  are  for  the  future,  take  our  Vulnerability  Assessment 
Test  today.  It's  the  quickest  way  to  put  your  mind  at  ease. 


TAKE  OUR  FREE  VULNERABILITY  ASSESSMENT  TEST  AT  CA.COM  /  FREETEST 


Computer  Associates™ 


HELLO  TOMORROW™  WE  ARE  COMPUTER  ASSOCIATES  THE  SOFTWARE  THAT  MANAGES  eBUSINESS™ 


©2002  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks  and  logos  referenced  herein  belong  to  their  respective  companies. 


